similar to: Authenticating users via samba to an active directory

Displaying 20 results from an estimated 4000 matches similar to: "Authenticating users via samba to an active directory"

2006 Mar 09
2
Using ntlm_auth to authneticate to an NTLMv2 AD
Chaps, I'm trying to get a radius server to authenticate to AD via the samba ntlm_auth program. I've just built samba vsn 3.0.21c with the following config parameters ./configure --with-pam --enable-socket-wrapper --with-ldapsam --with-syslog --with-ldap --with-winbind My smb.conf has global] workgroup = ADIR security = domain password server = 150.237.54.198 realm =
2006 Feb 23
1
Problems joining a RHEL4.0 version of samba to an active directory
Chaps, I'm trying to join a RHEL 4.0 Linux server to an active directory domain. The server in question runs a RADIUS server and I need it to be able to authenticate users via AD. Basically when we try running net ads join member -I 150<an ip address> -U <admin user> -d 2 we get [2006/02/23 10:05:20, 2] lib/interface.c:add_interface(79) added interface ip=150.237.47.22
2005 Nov 21
0
Re: 802.1x machine authentication patch help
I found my problem. From Andrew Bartlett himself "This is not supported against NT4. Only Samba 3.0.21rc1 and AD support this extra flag." To do machine authentication with freeradius, your workstation (supplicant) and samba server must be a member of a 2000/2003 domain. I had the supplicant and samba server still a member of the nt4 domain. Once I changed this, it worked great.
2019 Nov 13
0
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
FreeRAIDUS is checking for a username in the format of [user]@[internet domain] for Eduroam (World wide WiFi network, mostly used by Education), if it is not a locally defined Internet domain it then refers the RADIUS request to a higher level RADIUS server. However if it's our defined domain e.g. EXAMPLE.COM it will check with our AD server. Normally the sAMAccountName & AD domain pair is
2011 Nov 07
1
Call supplicant on link detection
Dear all, I have a working 802.1x structure with a bunch of Cisco switches, and a couple of NPS RADIUS servers. 802.1x auhtentication with MSCHAPv2 is working with Windows clients and I need to get some Centos clients into the structure. I've been using wpa_supplicant and now it would be usefull to have an auto start script when the interface detects a link and call the supplicant to
2009 Oct 09
0
ntlm_auth, universal principal name, multi-domain active directory - can samba authenticate?
I posted a similar message on the freeradius list a few months ago and it was suggested I come here. Now that this effort is once again underway I am looking for some assistance. We are trying to replace our existing AAA solution with FreeRadius. The user base is contained in an Active Directory single forest-multi domain model. The only feature of samba that we need to leverage is the
2016 Dec 21
0
Problem with keytab: "Client not found in Kerberos database"
On 20/12/2016 14:10, Rowland Penny wrote: >> I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi >> authentication. The krb5 module requires a cleartext password, but >> MSCHAP does not pass a cleartext password. (It is possible to use >> krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a >> cleartext password) > You might want to
2008 May 06
0
Tunning EAP-TTLS with PAP
Hi, I have a freeradius server that is working well in university. We use EAP-TTLS and PAP protocols. Users from Windows can use Securew2. Users from Linux and Mac OS X luckily have native support for EAP-TTLS and PAP. (if you think is Off Topic, keep reading on). On Ubuntu I can use the nm-applet for setting the connection up. But I'd want to find a way to automatize it, that it finds the
2019 Nov 12
2
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the UPN
2011 Sep 14
0
Wireless Production Servers Authentication of Active Directory with Inconsistent NTLM Auth Failures
Hi I work for a medium sized University and have recently set up some new infrastructure to authenticate our wireless users of Active Directory. Every thing was working as expected or so I thought. I set up a monitoring script that performs an ntlm_auth every minute and it shows that the authentication is failing inconsistently but for around 5 minutes at a time (see below). There are two
2019 Nov 14
1
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
On Wed, 2019-11-13 at 22:21 +0000, Steve Bluck via samba wrote: > FreeRAIDUS is checking for a username in the format of > [user]@[internet domain] for Eduroam (World wide WiFi network, mostly > used by Education), if it is not a locally defined Internet domain it > then refers the RADIUS request to a higher level RADIUS server. > However if it's our defined domain e.g.
2013 Dec 19
2
Centos6.5 -- Broadcom BCM4313 -- having trouble connecting
Dear All, I'm having trouble on 2 laptops Lenovo B580 since upgrading to Centos6.5. ( Because it's a Lenovo I cannot switch the network card for a better supported network card. ) There on the latest kernel : root at jac network-scripts]# uname -a Linux jac.cawdekempen 2.6.32-431.1.2.0.1.el6.x86_64 #1 SMP Fri Dec 13 13:06:13 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux With the help of
2016 Apr 04
0
knit and smbclient executed with different users but no error thrown
Hi Paul, I think -U is just ignored when -k and a valid ticket is available. Here you have a valid ticket, you use -k to ask smbclient to use credentials from that ticket, and you add -U for another user. Please try same smbclient command without -k, it should ask you the password for test123 user. That's not a bug, for me it is a lack of documentation on how to use -k switches with almost
2016 Apr 01
2
knit and smbclient executed with different users but no error thrown
Hi, I am using different users while executing kinit and smbclient as shown below, but I am not getting any error. How can a initial ticket granted to one user can be used for another user. Can you give some clarification. I am not an expert hence this doubt. I am using win 2003 AD. [root at 0050568B7DEB samba-4.3.4]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
2019 Mar 03
0
Joining a DC, was (no subject)
I *think* we're all on the same page now. My suggestion was adding an additional entry to the UPN Suffixes list, and using that suffix (without "ad.") when creating new users. This Microsoft doc [1] says: > By convention, this should map to the user's email name. The point of > the UPN is to consolidate the email and logon namespaces so that the > user only needs to
2023 Mar 08
2
winbindd with LDAPS
Hi, We have a samba installation (4.17.5) where a winbindd is part of an AD domain and used to authenticate radius (radiator) logins. The thing is, the AD administration is closing port 386 on the password server and only allowing requests on 636 (ldaps). I don't seem to be able to change the winbindd to use the ldaps port. Tried ldap ssl = start tls ldap ssl ads = yes tls enabled = yes
2019 Mar 03
0
Joining a DC, was (no subject)
> > > > The 'Nooooo, don't do that is: > > > > Don't change the UPN > > > > > > Why not? It's a recommended best practice to choose a subdomain of > > > your primary domain (e.g. "ad.example.com"), and then add alternate > > > UPN suffix which allows user logons to match their email addresses. > > >
2019 Mar 03
3
Joining a DC, was (no subject)
> > > The 'Nooooo, don't do that is: > > > Don't change the UPN > > > > Why not? It's a recommended best practice to choose a subdomain of > > your primary domain (e.g. "ad.example.com"), and then add alternate > > UPN suffix which allows user logons to match their email addresses. > > > > In fact, this page on the
2019 Nov 13
3
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which
2023 Mar 08
1
winbindd with LDAPS
On 08/03/2023 12:58, jose.celestino--- via samba wrote: > Hi, > > We have a samba installation (4.17.5) where a winbindd is part of an > AD domain and used to authenticate radius (radiator) logins. > > The thing is, the AD administration is closing port 386 on the > password server and only allowing requests on 636 (ldaps). > > I don't seem to be able to change