similar to: Samba keeps resetting smbpasswd permissions

Hi, we use PXELINUX in our product to show a boot menu on client computers, with options like "Boot from local hard disk", "Install Windows", etc. Unfortunately, a lot of computers seem to have broken BIOSes and won't boot with the LOCALBOOT command, and need to be booted with chain.c32 instead. We also have encountered some computers where it works only the other way -

I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,

Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It

Hi Matthias, we?re using Debian Bullseye with the backports repo. So version is a mixture of - Samba version 4.17.3-Debian - Samba version 4.17.7-Debian We?ve installed it directly on the DC?s as well. In my opinion using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I

Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I

https://bugzilla.samba.org/show_bug.cgi?id=10637 Summary: rsync --link-dest should break hard links when encountering "Too many links" Product: rsync Version: 3.0.9 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: core AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1695 Summary: ssh-add -D does not delete all keys Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh-add AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

We have this running but on a DC (Samba 4.10.7). we have this line in /etc/raddb/mods-enabled/mschap. Only this line! DOMAIN is the actual netbio name of the domain. ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key --username=%{mschap:User-Name:-None} --domain=DOMAIN --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Do you users login in

Guys, Christian, Marco, Thank you very much. Marco, you have the best internal wiki :-) Very very usefull. Whooe.. Most is working atm. And as always the solution was so simpel.. I forgot... To .. Add... ntlm auth = mschapv2-and-ntlmv2-only To the DC's smb.conf. :-/ pretty stupid.. But. So far, it looks good. I've tested now. radtest -t mschap username 'passwd'

Am 30.08.19 um 13:09 schrieb L.P.H. van Belle via samba: > Now Christian, this failes for me. > radtest -t mschap 'NTDOM\username" 'passwd' localhost 0 testing > ( MS-CHAP-Error = "\000E=691 R=1 C=58f41f1a946ac94a V=2") > > So my question here is, are the username at REALM logins also working for you. > And are you using in smb.conf : winbind use

Hai, Have you seen : https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory Test with : ntlm_auth --allow-mschapv2 --request-nt-key --domain=COMPANY --username=domainuser --password=userpassword Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oleg > Blyahher via samba > Verzonden:

Hi, My goal is to make use of samba 4 and freeradius to authenticate user to use wifi network (WPA2 enterprise). The setup is to setup Samba 4.0.3 in machine A and setup freeradius in machine B. By reading: Document A: http://wiki.samba.org/index.php/Samba4/beyond Document B: https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network Document C:

Hai, It does not happen often but yes, i also need some help as i cant know everything also and im new with freeradius. Im working on a configuration for samba member + freeradius with ntlm_auth. Why ntlm_auth, because the next one is kerberos and ldap auth to configure.. I want to have some fallback options here and you have to start somewhere. This is running on my new proxy/gateway

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

Hi there, I'm trying to get FreeRADIUS to authenticate against my Samba DC. It's Samba 4.7.6-ubuntu running on Ubuntu 18 (kernel version 4.15.0-66-generic). It came nicely packaged with Zentyal, which provides a nice GUI for managing a domain, as well as a CA and lots of cool small features. That same Zentyal also includes support for FreeRADIUS (3.0.16). This is my smb.conf:

Prepaid app can not connect to the database, [app_prepaid.so] => (Prepaid Application) == Parsing '/etc/asterisk/prepaid.conf': Found Jun 22 14:38:43 ERROR[-1084964736]: app_prepaid.c:127 check_connected: app_prepaid: cannot connect to database server localhost. Calls will not be logged == Registered application 'Prepaid' Here is pgsql confs; pg_hba.conf: ------------

I use log.%M to get per client logs. This works but I always end up with - [root@littleboy root]# cd /var/log/samba [root@littleboy samba]# ls -l log.pc01699 -rw-r--r-- 1 root root 2642617 Nov 12 07:30 log.pc01699 [root@littleboy samba]# host pc01699 pc01699.morrison.iserv.net has address 192.168.19.191 [root@littleboy samba]# host 192.168.19.191 191.19.168.192.in-addr.arpa domain

Package: xen-hypervisor-4.4-amd64 Version: 4.4.1-9+deb8u4 Severity: important Dear Maintainer, I installed a fresh Debian Jessie amd64 on our new server with Intel Xeon E3-1270 v5 Skylake CPU and EFI. Linux without Xen boots flawlessly and shows 8 CPU cores. I then tried all combinations of Xen 4.4 (with xsave=off for Skylake support), Xen 4.6 (crashes after a few seconds during boot) and

Hi Sabine and Christoph, I've just committed a few changes to mge-utalk (r2749). can you please try a snapshot and report back the results: http://new.networkupstools.org/download.html#Snapshots cheers, Arnaud -- Linux / Unix Expert R&D - Eaton - http://powerquality.eaton.com Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org/ Debian Developer -

Hello, when deploying drivers via Point-and-Print recent Windows (tested with Windows 10 1607) asks the user to confirm the driver installation. An appropriate Policy [1] is set up so that no user interaction should be required for the driver installation. There are similar reports [2,3] that identify updates KB3163912, KB3172985 and KB3170455 causing these issues. However, Windows 10 1607