similar to: how to manually specify domain controllers

On 11 April 2016 at 15:28, Rowland penny <rpenny at samba.org> wrote: > On 08/04/16 21:19, Dennis Xu wrote: > >> We have two Samba 4.2.3 servers with FreeRadius to authenticate wireless >> users against active directory. Using DNS, sometimes both servers end up >> using the same domain controller to authenticate users. I would like to >> distribute the load to

Hello, I see this error when trying "wbinfo -g": [2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded

On 2016-06-09 at 10:17 -0400, Dennis Xu wrote: > Hi Michael, > > Thank you for your suggestion. > > I did clone the server. After the clone, the server was not > join to domain automatically, then I join the server to the > domain separately. I did not change the local sid. Should I > change that? Not necessarily: It is rather cosmetic and probably not the cause for

The strange thing is that I cloned this server from another server, and the original server does not have the "wbinfo -u" problem. Both servers have the exact same configurations.. Thanks. ----- Original Message ----- From: "Peter Bulin" <bulin.peter at gmail.com> To: dxu at uoguelph.ca Cc: "samba" <samba at lists.samba.org> Sent: Wednesday,

What version are you using? I also had this problem with a security update of debian. I reported this to then and they fixed it. So if you are using debian, update to the latest version and see if this works Op 8 jun. 2016 10:13 p.m. schreef Dennis Xu <dxu at uoguelph.ca>: Hi, I am checking again if there are any other suggestions. The Samba server is joined to AD successfully. I can

On 2016-06-08 at 16:00 -0400, Dennis Xu wrote: > Hi, I am checking again if there are any other suggestions. > > The Samba server is joined to AD successfully. I can > authenticate a user using "wbinfo -a" but "wbinfo -u" and > "wbinfo -g" commands give no output. > > Any ideas? So you say the machine is cloned from another one. Did you just

Hi, I see you have had no replies as of yet.. Can you clarify the scenario - is freeradius installed on both of your samba servers, and configured to authenticate against the local samba server for active directory integration? Or is the scenario something different? I use freeradius here; each of my DCs has freeradius installed and configured to use the local samba server. But it's down to

Also when I use "net ads search '(objectCategory=group)' sAMAccountName", I can see all the groups. But wbinfo -g gives nothing. wired! ----- Original Message ----- From: "Dennis Xu" <dxu at uoguelph.ca> To: "Andreas Schamanek" <schamane at fam.tuwien.ac.at> Cc: "samba" <samba at lists.samba.org> Sent: Friday, April 29, 2016

I have Samba 4.2 on Redhat 7. "wbinfo -u" and "wbinfo -g" commands give no output and no error. I can authenticate using "wbinfo -a username". Anyone knows what could be the problem? Thanks.

Hello, I can definately confirm that it's working. My basic setup is: 1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7 2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight from centos repo. // I  tested also on freeradius 3.0.14 and samba 4.7.x smb.conf on the DC is pretty basic, most important is obviously in [globall]:         ntlm auth =

Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I

I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,

Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

Hi Matthias, we?re using Debian Bullseye with the backports repo. So version is a mixture of - Samba version 4.17.3-Debian - Samba version 4.17.7-Debian We?ve installed it directly on the DC?s as well. In my opinion using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I

Dear All, I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. The errors I'm getting are to do with ntlm_auth not authenticating my machine account. Everything looks OK (to me) on the command

Hi, I want to know how to use ntlm_auth with ntlm-server-1 and freeradius, with the users login and password information in ldap. I have read documentation of ntlm_auth (only found the man page), docs and howtos about pptp and squid, i don't found about freeradius, and i'm experimenting with the options of ntlm_auth. I have configured freeradius+ldap+802.1X for a wireless lan, but i

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

I had exact the same problem. Try: client ldap sasl wrapping = plain in smb.conf Op 10 jun. 2016 10:44 p.m. schreef Dennis Xu <dxu at uoguelph.ca>: Hello, I see this error when trying "wbinfo -g": [2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) ads_do_paged_search_args:

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root