Displaying 20 results from an estimated 6000 matches similar to: "samba 4 & preexisting openldap servers"
2023 Apr 06
1
Fwd: ntlm_auth and freeradius
I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need:
## 4 FreeRADIUS
### 4.1 Basics
```bash
apt install freeradius freeradius-ldap freeradius-utils
# create new DH-params
openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048
```
### 4.2 Configure Authentication
- modify mschap to use winbind,
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hello Alexander,
thanks Alexander for these configuration snippets.
Which version of Samba are you using? Is this on debian bullseye? Is the
FreeRADIUS server installed on a DC or on a Domain Member? (I just
tested the latter).
is "ntlm auth = yes" OK for the DCs and the domain member or does it
have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hi Matthias,
we're using Debian Bullseye with the backports repo. So version is a mixture of
- Samba version 4.17.3-Debian
- Samba version 4.17.7-Debian
We've installed it directly on the DC's as well.
In my opinion using "ntlm auth = yes" should be fine.
Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don't work very well. I
2023 Apr 12
2
Fwd: ntlm_auth and freeradius
Hi Alexander,
I'm terribly sorry. We didn't have the "ntlm auth" parameter configured
on the DCs at all. I added it and it just works.
Thanks for your help.
Now I just need to figure out how I can make WLAN-specific LDAP-Group
authentication.
e. g. production WLAN needs LDAP group "wlan_production" and management
WLAN needs the "wlan_management" group.
I
2016 Dec 20
0
Problem with keytab: "Client not found in Kerberos database"
Rowland Perry wrote:
> > imdap config AD : backend = rid
>
> How did you 'fix' this, on face value, there is nothing wrong with that line.
"imdap" is not "idmap"
(so now you understand why I missed it after staring at it so long :-)
> When you join the domain with 'kerberos method = secrets and keytab',
> you should get a
2019 Sep 30
0
problems after migrating NT domain to AD (samba 4.7.x)
Just follow this and it "just works"
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
And this is asking for problems.
workgroup = WSISIZ.EDU.PL
Read : https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx
And from this link :
2019 Sep 28
5
problems after migrating NT domain to AD (samba 4.7.x)
Dear List,
My domain +/- works, so I try to fix rest services based on domain NT/AD....
I use WiFi authorization with PEAP/MSCHAPv2 + freeradius (before
migration it works).
And after migration authorization does not work.
Freeradius server is on samba domain member.
So I check domain connectivity:
[root at see-you-later samba]# net ads testjoin
Join is OK
[root at see-you-later samba]#
2016 Dec 20
3
Problem with keytab: "Client not found in Kerberos database"
On Tue, 20 Dec 2016 13:50:40 +0000
Brian Candler via samba <samba at lists.samba.org> wrote:
> Rowland Perry wrote:
> > > imdap config AD : backend = rid
> >
> > How did you 'fix' this, on face value, there is nothing wrong with that line.
>
>
> "imdap" is not "idmap"
>
> (so now you understand why I
2016 Dec 21
0
Problem with keytab: "Client not found in Kerberos database"
On 20/12/2016 14:10, Rowland Penny wrote:
>> I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi
>> authentication. The krb5 module requires a cleartext password, but
>> MSCHAP does not pass a cleartext password. (It is possible to use
>> krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a
>> cleartext password)
> You might want to
2003 Oct 31
2
MSCHAPv2 microsoft client/linux/Active Directory
Hello all,
I was not able to find much on this in the archives so I hope someone can help me with this.
Can samba 3.x help the authentication of a Microsoft client authenticating with MSCHAPv2 passwords to my linux box which we use to authenticate a user stored on a Microsoft Active Directory server. The authentication request comes in through RADIUS which I can convert to LDAP, but that
2006 Jun 12
0
Active Directory Integration with FreeRADIUS - NTLM_Auth
Hello,
I am trying to walk through the following document:
http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf
in order to authenticate Cisco router and switch logins against
FreeRadius/Active Directory. Using the HowTo, I have successfully
joined a FC2 box to our Windows 2003 AD for testing purposes. I have
also successfully used the manual ntlm_auth command to authenticate
2007 Apr 26
1
ntlm_auth to AD with only ntlmv2 enabled failing
Hello,
We have samba 3.0.23 installed. We are using free radius to take
authentication requests from a nortel vpn server and using ntlm_auth
trying to authenticate users against AD.
This setup works fine when on the AD side ntlmv1 and ntlmv2 are enabled.
(IE. Users can authenticate).
However, when only ntlmv2 is enabled users are unable to authenticate.
I have searched various places and while
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
> I guess we have to look at the conf files then, first these two:
Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth.
Unfortunately it's still erroring out:
(7) mschap: Creating
2020 Apr 30
1
dreplsrv memory
Hi Rowland,
One of my DC is offline because Adsl is down and I can't physically reboot modem (Covid confinement) :-/
Here is my headbridge DC config:
[global]
workgroup = PR
realm = pr.educationetformation.fr
netbios name = DC000
server role = active directory domain controller
bind interfaces only = yes
interfaces = lo eth0
printcap
2016 Apr 11
1
how to manually specify domain controllers
On 11 April 2016 at 15:28, Rowland penny <rpenny at samba.org> wrote:
> On 08/04/16 21:19, Dennis Xu wrote:
>
>> We have two Samba 4.2.3 servers with FreeRadius to authenticate wireless
>> users against active directory. Using DNS, sometimes both servers end up
>> using the same domain controller to authenticate users. I would like to
>> distribute the load to
2018 Mar 28
0
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hi,
thank you very much for testing everything out. Great work!
One question: passchange - which application are working with passchange
on radius ?
In the moment every user with an expired password is NOT able to use
services using radius
for authentication (WLAN,VPN). Is there any documentation available ?
Bye, Peer
On 27.03.2018 22:40, Kacper Wirski via samba wrote:
> Hello,
>
>
2023 Apr 03
2
Fwd: ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba:
> Dear All,
>
> I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there.
>
> The errors I'm getting are to do with ntlm_auth not
2023 Apr 03
2
ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba:
> Dear All,
>
> I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there.
>
> The errors I'm getting are to do with ntlm_auth not
2013 Feb 22
6
Samba 4 and freeradius
Hi,
My goal is to make use of samba 4 and freeradius to authenticate user to use wifi network (WPA2 enterprise).
The setup is to setup Samba 4.0.3 in machine A and setup freeradius in machine B.
By reading:
Document A: http://wiki.samba.org/index.php/Samba4/beyond
Document B: https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network
Document C:
2005 Nov 02
1
how to use ntlm_auth
Hi,
I want to know how to use ntlm_auth with ntlm-server-1 and freeradius,
with the users login and password information in ldap.
I have read documentation of ntlm_auth (only found the man page), docs
and howtos about pptp and squid, I didn't find anything about freeradius, and I'm
experimenting with the options of ntlm_auth.
I have configured freeradius+ldap+802.1X for a wireless lan, but I