On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote:> Hello, > > I am wondering whether it is possible / recommended or not, to > install and use freeradius on a domain controller. The documentation > at > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory > is about installation/configuration on member servers only. > > Any thoughts? What changes on a dc?It should still just work, as the same winbindd is under the hood and this mode of operation is connected, but running a member server allows more separation of concerns and avoids any DC being 'special'. VMs or containers are good for this. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
Hi, I?m running freeradius on our DCs on several sites using the winbind method. However, our experience using containers (LXC) was very bad, so we use only virtual machines. As far as I remember we more or less followed the guide and tweaked here or there to suit our needs. If you want, I can share my sanitized configs, let me know. Greetings, Alexander> On Wednesday, Nov 30, 2022 at 12:51 AM, Andrew Bartlett via samba <samba at lists.samba.org (mailto:samba at lists.samba.org)> wrote: > On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote: > > Hello, > > > > I am wondering whether it is possible / recommended or not, to > > install and use freeradius on a domain controller. The documentation > > at > > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory > > is about installation/configuration on member servers only. > > > > Any thoughts? What changes on a dc? > > It should still just work, as the same winbindd is under the hood and > this mode of operation is connected, but running a member server allows > more separation of concerns and avoids any DC being 'special'. > > VMs or containers are good for this. > > Andrew Bartlett > -- > Andrew Bartlett (he/him) https://samba.org/~abartlet/ > Samba Team Member (since 2001) https://samba.org > Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba > > Samba Development and Support, Catalyst IT - Expert Open Source > Solutions > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hello Andrew, good point. Actually I would love to run freeradius + samba in one or two docker containers. However, while there are descriptions on how to run freeradius in a container, there aren?t a lot for a samba member server. Any pointer for that? Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: Andrew Bartlett <abartlet at samba.org> Gesendet: Mittwoch, 30. November 2022 00:51 An: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org Betreff: Re: [Samba] freeradius on dc? On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote:> Hello, > > I am wondering whether it is possible / recommended or not, to install > and use freeradius on a domain controller. The documentation at > https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Act > ive_Directory is about installation/configuration on member servers > only. > > Any thoughts? What changes on a dc?It should still just work, as the same winbindd is under the hood and this mode of operation is connected, but running a member server allows more separation of concerns and avoids any DC being 'special'. VMs or containers are good for this. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions