L.P.H. van Belle
2021-Jul-16 15:04 UTC
[Samba] Freeradius, Samba AD and machine account...
Ah, wrong link Marco.

Read this one: http://deployingradius.com/documents/configuration/active_directory.html
And https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
;-)

Have a great weekend, I'm off, going home..

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marco Gaiarin via samba
> Sent: Friday 16 July 2021 16:25
> To: samba at lists.samba.org
> Subject: [Samba] Freeradius, Samba AD and machine account...
>
> A bit tired, but it is Friday, to go around the Win10 'upgrades'... in
> 20H2 it seems that there's no way to save 'system wide' wireless
> WPA2/PEAP/MSCHAPv2 credentials, so wireless cannot start at boot time,
> but only after user logon...
>
> Anyway, but also for this, I'm trying to revamp my 'WPA2/PEAP/MSCHAPv2
> auth with machine account' configuration that worked decently for
> samba3/NT, and that I've not tried in Samba/AD.
>
> I've followed:
>
> https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>
> but it still seems I need some pre/post processing, because I get:
>
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (9) Login incorrect: [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63 via TLS tunnel)
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: The users session was previously rejected: returning reject (again.)
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: This means you need to read the PREVIOUS messages in the debug output
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: to find out the reason why the user was rejected
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: what went wrong, and how to fix the problem
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63)
>
> 'personal' account login works as expected:
>
> Jul 16 16:23:35 vdmsv1 radiusd[27296]: (10) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57 via TLS tunnel)
> Jul 16 16:23:35 vdmsv1 radiusd[27296]: (11) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57)
>
> Does someone have a working setup? Thanks.
>
> --
> dott. Marco Gaiarin GNUPG Key ID: 240A3D66
> Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
>
> Donate the 5 PER MILLE to LA NOSTRA FAMIGLIA!
> http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (tax code 00307430132, category ONLUS or RICERCA SANITARIA)

Hello! L.P.H. van Belle via samba, on that day, was saying...

> Read this one : http://deployingradius.com/documents/configuration/active_directory.html
> And
> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory

I've followed both of these links, and effectively in this way users can authenticate to the wireless.

But I'm speaking about machine account wireless authentication...

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Donate the 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)