search for: raddb

...l PC from a switch port, so I have not followed through with the EAP portion of the HowTo. Here is the output of the Radiusd -X and the attempted telnet login to the switch: # radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var...

I upgraded one of my servers to CentOS 5.4 today. The freeradius service (radiusd) didn't start up due to permissions errors. I tracked it to the permissions on the /etc/raddb/certs/ directory being set to 640 rather than 750, so the radius user couldn't enter the directory. In the spec file from the source rpm, line 200 should read: %attr(750,root,radiusd) %config (noreplace) /etc/raddb/certs rather than the current: %attr(640,root,radiusd) %config (noreplace) /e...

Hello, On a Server running FreeBSD 4.6-STABLE, I have a script which runs from a crontab. The problem I am encountering is as follows: opening connection using ssh zing.crosswind.net rsync --server --sender -vvvlogDtprz . /etc/raddb/users Aborted by user! rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(150) _exit_cleanup(code=12, file=io.c, line=150): about to call exit(12) The strange thing is, if I run the script by hand, i.e. ./users it works...

...the rules by deleting the root qdiscs on the interface, but that removes all rules for the entire interface, which is not the desired operation. Also, a quick test by hand shows that it is only from having a child class assigned to it that it becomes un-deletable. This works fine: wireless-r1 raddb # tc class add dev wivl4 parent 5:0 classid 5:56 hfsc ls m1 1536.0Kbit d 2000ms m2 256.00Kbit ul m2 1024Kbit wireless-r1 raddb # tc class del dev wivl4 parent 5:0 classid 5:56 hfsc ls m1 1536.0Kbit d 2000ms m2 256.00Kbit ul m2 1024Kbit This does not: wireless-r1 raddb # tc class add dev wivl4 p...

...e.sambadom.org -b "ou=accounting,dc=sambadom,dc=org" -D "cn=ldapuser,cn=users,dc=sambadom,dc=org" "(cn=peter)" Also, ldap module of freeradius is configured as follows (ldap part in sites-enabled/default and inner-tunnel is configured also.) /usr/local/freeradius/etc/raddb/modules/ldap ============================= ldap { server = "file.sambadom.org" password = "asecurepassword" identity = "cn=ldapuser,cn=users,dc=samba4,dc=yauoi,dc=org" basedn = "ou=accounting,dc=sambadom,dc=org" filter...

...e we used from "https://launchpad.net/~linux-schools/+archive/ubuntu/samba-latest". As an example, joined 2 ADs successfully with 2 different smb configuration files. - smb.domainA.com - smb.domainB.com The winbindd is running /usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainA.com /usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainB.com The smb.domainA.com looks like this. [global] log level = 3 workgroup = DOMAINA security = ads password server = 10.54.20.12 realm = DOMAINA.COM netbios name = nac20180 ntlm auth =...

...??? ntlm auth = mschapv2-and-ntlmv2-only ntlm_auth by hand works [root at see-you-later samba]# /usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key --domain=WSISIZ.EDU.PL --username=test Password: NT_STATUS_OK: The operation completed successfully. (0x0) relevant info from radius config /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key --domain=WSISIZ.EDU.PL --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-resp...

...t; ntlm_auth by hand works > > [root at see-you-later samba]# /usr/bin/ntlm_auth --allow-mschapv2 > --request-nt-key --domain=WSISIZ.EDU.PL --username=test > Password: > NT_STATUS_OK: The operation completed successfully. (0x0) > > > relevant info from radius config /etc/raddb/mods-enabled/mschap > > mschap { > use_mppe = yes > > require_encryption = yes > > require_strong = yes > > ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key > --domain=WSISIZ.EDU.PL > --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-No...

...a Radius server is unreachable. I use radius authentication with pam my system-auth is the following auth [success=done auth_err=die default=ignore] /lib/security/pam_radius_auth.so try_first_pass debug auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so file=/etc/raddb/radiusfailure auth required /lib/security/pam_unix.so likeauth nullok md5 shadow auth required /lib/security/pam_tally.so deny=2 per_user no_magic_root even_deny_root_account account required /lib/security/pam_unix.so account required /lib/securit...

Hello my goal is to write an authentication module for the Symfony php framework, which would provide SSO capabilities to browsers that are logged in an MS AD domain and support the NTLMv2 protocol. Ideally this module would run on linux servers, and be portable, i.e. require as few non-php tools and network/firewall settings as possible (that's why I eschewed the existing Apache modules

Hai, It does not happen often but yes, i also need some help as i cant know everything also and im new with freeradius. Im working on a configuration for samba member + freeradius with ntlm_auth. Why ntlm_auth, because the next one is kerberos and ldap auth to configure.. I want to have some fallback options here and you have to start somewhere. This is running on my new proxy/gateway

...velops TLS errors. We can search and authenticate against the LDAP server with Apache, and with ldapsearch using ldaps:// URLs and with start_tls. If I ask the freeradius community, I am told unequivocally to use OpenSSL not NSS. (currently, radiusd is finding the server CA certificate in /etc/raddb/certs/cert8.db but the client certificate in a PEM file after looking in cert8.db first) Is this possible with the standard CentOS builds, and if so, is there a tutorial or examples anywhere ? If not, has anyone solved this problem ? -- Andrew Daviel, TRIUMF, Canada

Hi Gaetano, Good plan, I'd be very interested in your work as I am starting to look at symfony here, also! I do have ntlm_auth working perfectly using Samba 4 (and with badlock patches). I use it with freeradius, not squid. An extract from my /etc/raddb/modules/mschap, if it helps: ntlm_auth = "/usr/local/samba/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" You might get so...

...is correct. If issues "wbinfo -u" or "wbinfo -g" they give an error about being unable to retrieve any users or groups. Just to test whether I could authenticate against the domain, I tried using ntlm_auth with the following commands and was unable to authenticate: > /etc/raddb # ntlm_auth --debuglevel 10 --username=<correct name here> --domain=<correct domain here> --password '<correct password here>' [2008/08/25 17:16:49, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0...

We have this running but on a DC (Samba 4.10.7). we have this line in /etc/raddb/mods-enabled/mschap. Only this line! DOMAIN is the actual netbio name of the domain. ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key --username=%{mschap:User-Name:-None} --domain=DOMAIN --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Do y...

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001)

...ad_pwd_count) I've got this on all my DC's /etc/samba/smb.conf files: ntlm auth = mschapv2-and-ntlmv2-only So, am I correct in thinking that the ntlm_auth client is not using ntlmv2? FreeRADIUS reports this on the error: (21) Found Auth-Type = mschap (21) # Executing group from file /etc/raddb/sites-enabled/default (21) authenticate { (21) mschap: Client is using MS-CHAPv1 with NT-Password (21) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --allow-mschapv2 --domain=lambrook --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT...

...Christian Naumer via samba > Verzonden: vrijdag 30 augustus 2019 12:53 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba 4.10.7 + freeradius 3.0.17 > +ntlm_auth - Debian buster > > We have this running but on a DC (Samba 4.10.7). > > we have this line in /etc/raddb/mods-enabled/mschap. Only this line! > DOMAIN is the actual netbio name of the domain. > > > ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key > --username=%{mschap:User-Name:-None} --domain=DOMAIN > --challenge=%{mschap:Challenge:-00} > --nt-response=%{...

...;> Verzonden: vrijdag 30 augustus 2019 12:53 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Samba 4.10.7 + freeradius 3.0.17 >> +ntlm_auth - Debian buster >> >> We have this running but on a DC (Samba 4.10.7). >> >> we have this line in /etc/raddb/mods-enabled/mschap. Only this line! >> DOMAIN is the actual netbio name of the domain. >> >> >> ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key >> --username=%{mschap:User-Name:-None} --domain=DOMAIN >> --challenge=%{mschap:Challenge:-00}...

On 04/13/2016 08:44 PM, ???? wrote: > # mount > /dev/mapper/VolGroup-lv_root on / type ext4 (rw,usrquota,grpquota) > proc on /proc type proc (rw) > sysfs on /sys type sysfs (rw) > devpts on /dev/pts type devpts (rw,gid=5,mode=620) > tmpfs on /dev/shm type tmpfs (rw) > /dev/vda1 on /boot type ext4 (rw) > /dev/vdb on /mnt/extradiskA type ext4 (rw,usrquota,grpquota) >