search for: odriscol

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: Unfortunately it's still erroring out: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-CHAPv2 > Is this set as a UPN (with the realm appended) on the user? I don't see any UPN's in my AD record, o...

...tains this for my SID: # record 143 dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002 cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002 objectClass: sidMap objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002 type: ID_TYPE_BOTH xidNumber: 3000017 distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002 wbinfo -i tim.odriscoll: LAMBROOK\tim.odriscoll:*:2000:100:Tim ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false Have I totally messed the idmaps up? I've tried changing my xidNumber to '2000' and I still get an error 53 (path not found) from Windows, and my filesystem permissions still don't map to use...

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samb...

...onses. I'm using ntlm_auth in freeradius to authenticate my wifi users against my AD. In sernet-samba-4.2.14 it was working perfectly. My freeradius server is an AD Member, and I've got two other sernet-samba-4.6.4 AD DC's. $ ntlm_auth --request-nt-key --domain=LAMBROOK --username=tim.odriscoll --password=<mypass> NT_STATUS_OK: Success (0x0) $ ntlm_auth --request-nt-key --domain=LAMBROOK --username=tim.odriscoll --password=<mypass> --challenge=<challenge-from-radtest> --nt-response=<response-from-radtest> Logon failure (0xc000006d) Is it safe to use the challeng...

...st interface version (version = 28) [ 2202]: request location of privileged pipe getgroups root Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED [ 2205]: request interface version (version = 28) [ 2205]: request location of privileged pipe [ 2205]: request misc info [ 2205]: pam auth LAMBROOK+tim.odriscoll child daemon request 13 [ 2160]: dual pam auth LAMBROOK+tim.odriscoll rpc_api_pipe: host mail3.lambrookschool.co.uk rpc_write_send: data_to_write: 376 rpc_read_send: data_to_read: 872 Plain-text authentication for user LAMBROOK+tim.odriscoll returned NT_STATUS_OK (PAM: 0) Finished processing child...

On Sat, 27 May 2017 09:25:24 +0000 Tim ODriscoll via samba <samba at lists.samba.org> wrote: > Hello All, > > I've bitten the bullet and upgraded from sernet-samba-4.2 to > 4.6.4-SerNet-RedHat-7.el7. > > Now my AD users don't show up in Linux, with the result that the > [homes] share fails to connect. Other...

On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS...

Hi Rowland, On 27 May 2017 11:39: > Hmm, you mention: > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > Is this on a DC or a Unix domain member ? This is on a DC. I only have two centOS7 AD DC's in my environment.. Tim

On 27 May 2017 12:45: On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > The other lines never did anything on a DC. Thank you, I've removed them now.. > Unless you manually add uidNumber attributes to users and gidNumber > attributes to groups, id mapping on a DC is done in idmap.ldb and > results...

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > >...

Thank you for your help on this, Rowland. A tweak of PAM and a restart of nscd and suddenly all my file permissions were back. You've saved my weekend :-) Tim

On 27 May 2017 16:07 > After thinking everything was fine, I'm now getting RPC failures on my Windows clients. > I can map a drive with 'net use..', but 'net user tim.odriscoll /domain' returns a 1722 error, 'The RPC server > is unavailable'. Turns out 'authconfig' (used to modify PAM files), also adds a few extra bits to smb.conf. It adds 'security = ads', which breaks my RPC calls for user info. With 'security = ads' commented...

...When running 'winbindd -SFd5', I see a little more of the problem after I run my two ntlm_auth commands > one after the other. I believe the 'crap' part is an acronym for 'Challenge Response > Authentication Protocol', so why would it be failing? Edit2: wbinfo -a tim.odriscoll%<mypass> works perfectly, with the winbindd debug logs showing the same output as ntlm_auth except with success messages. So, am I correct in assuming the challenge/response's that freeradius is calculating are incorrect? Many thanks, Tim

...to me) on the command line: # wbinfo -t checking the trust secret for domain MYDOMAIN via RPC calls succeeded # wbinfo -p Ping to winbindd succeeded # ls -ld /var/lib/samba/winbindd_privileged/ drwxr-x---+ 2 root radiusd 18 Apr 1 21:39 /var/lib/samba/winbindd_privileged/ # ntlm_auth --username=tim.odriscoll Password: : (0x0) Samba's config has this on the member (FR) server and all the DCs: ntlm auth = mschapv2-and-ntlmv2-only But I'm getting this back from FreeRADIUS: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-...

On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > Hi Rowland, > > On 27 May 2017 11:39: > > Hmm, you mention: > > > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > > > Is this on a DC or a Unix domain member ? > > This is on...

On Sat, 27 May 2017 12:53:16 +0000 Tim ODriscoll via samba <samba at lists.samba.org> wrote: > I've got winbind in my nsswitch.conf. I don't want to grant user > access to the servers via ssh or anything, so I don't need > pam_winbind, right? > > What does the mapping of uidNumber to username on the filesystem...

...lanman auth = no", "ntlm auth = no" and "raw NTLMv2 auth = no"./ I setup freeradius with samba 4.5.3 AD some time ago for 802.1x and I had to change my smb.conf accordingly, otherwise I was also getting mschapv2 failures. Hope it helps. W dniu 2017-05-29 o 14:50, Tim ODriscoll via samba pisze: > On 29 May 2017 12:32 >> When running 'winbindd -SFd5', I see a little more of the problem after I run my two ntlm_auth commands > one after the other. I believe the 'crap' part is an acronym for 'Challenge Response >> Authentication Protocol...

Hi Matthias, > Can you write up some of your findings please? I've not got my setup exactly as I want it yet. Once it's ready and I can document it, I will make it available. I also used the guide from freeradius, as well as many other snippets I found. Now I have to remove them all to see which ones are superfluous..

Hello All, Is it possible to migrate from 4.2.14-SerNet-RedHat-23.el7 to samba-4.4.4-13.el7_3.x86_64 on centOS7? I've got two centos7 servers running sernet versions of samba. Both are AD DC's, with 600 users. If I run yum install samba4, I get a promising error back: Package samba-4.4.4-13.el7_3.x86_64 is obsoleted by 99:sernet-samba-4.2.14-23.el7.x86_64 which is already installed So,

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap: Client is using MS-CHAPv2 > > > > Is this set as a UPN (with the realm app...