Displaying 13 results from an estimated 13 matches for "lambrook".
2017 May 27
3
idmap woes after upgrade
...er' now. 'wbinfo -i' returns the correct data, and I've got my 'uidNumber' and 'gidNumber' fields correctly filled out in my AD.
My smb.conf idmap entries are:
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config LAMBROOK:backend = ad
idmap config LAMBROOK:schema_mode = rfc2307
idmap config LAMBROOK:range = 10000-99999
idmap config LAMBROOK:unix_nss_info = yes
idmap config LAMBROOK : unix_primary_group = yes
winbind nss info = rfc2307
My idmap.ldb file contains this for my SID:
# record 143
dn: CN=S-1-5-21-x...
2017 May 29
2
ntlm_auth with freeradius
...th challenge and nt-responses.
I'm using ntlm_auth in freeradius to authenticate my wifi users against my AD. In sernet-samba-4.2.14 it was working perfectly. My freeradius server is an AD Member, and I've got two other sernet-samba-4.6.4 AD DCs.
$ ntlm_auth --request-nt-key --domain=LAMBROOK --username=tim.odriscoll --password=<mypass>
NT_STATUS_OK: Success (0x0)
$ ntlm_auth --request-nt-key --domain=LAMBROOK --username=tim.odriscoll --password=<mypass> --challenge=<challenge-from-radtest> --nt-response=<response-from-radtest>
Logon failure (0xc000006d)
Is it...
2017 May 27
0
idmap woes after upgrade
...the correct
> data, and I've got my 'uidNumber' and 'gidNumber' fields correctly
> filled out in my AD.
>
> My smb.conf idmap entries are:
> idmap_ldb:use rfc2307 = yes
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config LAMBROOK:backend = ad
> idmap config LAMBROOK:schema_mode = rfc2307
> idmap config LAMBROOK:range = 10000-99999
> idmap config LAMBROOK:unix_nss_info = yes
> idmap config LAMBROOK : unix_primary_group = yes
> winbind nss info = rfc2307
>
> My idmap.ldb file contains this for my SI...
2017 May 29
0
Fw: ntlm_auth with freeradius
...2202]: request interface version (version = 28)
[ 2202]: request location of privileged pipe
getgroups root
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[ 2205]: request interface version (version = 28)
[ 2205]: request location of privileged pipe
[ 2205]: request misc info
[ 2205]: pam auth LAMBROOK+tim.odriscoll
child daemon request 13
[ 2160]: dual pam auth LAMBROOK+tim.odriscoll
rpc_api_pipe: host mail3.lambrookschool.co.uk
rpc_write_send: data_to_write: 376
rpc_read_send: data_to_read: 872
Plain-text authentication for user LAMBROOK+tim.odriscoll returned NT_STATUS_OK (PAM: 0)
Finished pro...
2017 May 27
0
idmap woes after upgrade
On Sat, 27 May 2017 11:02:36 +0000
Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote:
> Hi Rowland,
>
> On 27 May 2017 11:39:
> > Hmm, you mention:
> >
> > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber'
> >
> > Is this on a DC or a Unix domain member ?
>
> This is on a DC. I only have two CentOS 7...
2017 May 27
3
idmap woes after upgrade
Hi Rowland,
On 27 May 2017 11:39:
> Hmm, you mention:
>
> 'idmap_ldb:use rfc2307 = yes' and 'xidNumber'
>
> Is this on a DC or a Unix domain member ?
This is on a DC. I only have two CentOS 7 AD DCs in my environment.
Tim
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
...ters. Without '-t mschap' works, but with it fails.
I've narrowed down the authenticating DC, turned up logging and found this:
[2023/04/04 08:36:31.653500, 3] ../../source4/auth/ntlm/auth.c:207(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [lambrook]\[tim.odriscoll]@[\\FILESB01]
auth_check_password_send: user is: [lambrook]\[tim.odriscoll]@[\\FILESB01]
[2023/04/04 08:36:31.653534, 5] ../../source4/auth/ntlm/auth.c:70(auth_get_challenge)
auth_get_challenge: returning previous challenge by module netr_LogonSamLogonWithFlags (normal)
[2023/0...
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
...>
>
>
> I've narrowed down the authenticating DC, turned up logging and found
> this:
>
>
> [2023/04/04 08:36:31.653500, 3]
> ../../source4/auth/ntlm/auth.c:207(auth_check_password_send)
> auth_check_password_send: Checking password for unmapped user
> [lambrook]\[tim.odriscoll]@[\\FILESB01]
>
> auth_check_password_send: user is:
> [lambrook]\[tim.odriscoll]@[\\FILESB01]
>
> [2023/04/04 08:36:31.653534, 5]
> ../../source4/auth/ntlm/auth.c:70(auth_get_challenge)
>
> auth_get_challenge: returning previous challenge by module
>...
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> Unfortunately it's still erroring out:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
Is this set as a UPN (with the realm appended) on the user?
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001)
2023 Apr 04
2
Fwd: ntlm_auth and freeradius
...pleading that it used MSCHAPv2 with its client.
> This is related to the missing ntlm_auth option --allow-mschapv2
I've got that option in my ntlm_auth command:
(21) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --allow-mschapv2 --domain=lambrook --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
So, why when I use --allow-mschapv2 is the DC telling me it's rejecting the request because it's NTLMv1? Have I missed a setting somewhere?
Thank you,
Tim
2023 Apr 03
1
ntlm_auth and freeradius
...and-ntlmv2-only
But I'm getting this back from FreeRADIUS:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
(7) mschap: EXPAND --username=%{mschap:User-Name}
(7) mschap: --> --username=SL-6S4BBS3$
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: EXPAND --challenge=%{mschap:Chall...
2023 Apr 03
2
ntlm_auth and freeradius
...> But I'm getting this back from FreeRADIUS:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
> (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
> (7) mschap: EXPAND --username=%{mschap:User-Name}
> (7) mschap: --> --username=SL-6S4BBS3$
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: EXPAND --chal...
2023 Apr 03
2
Fwd: ntlm_auth and freeradius
...> But I'm getting this back from FreeRADIUS:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
> (7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --allow-mschapv2 --domain=lambrook --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
> (7) mschap: EXPAND --username=%{mschap:User-Name}
> (7) mschap: --> --username=SL-6S4BBS3$
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: EXPAND --chal...