Displaying 20 results from an estimated 5000 matches similar to: "how to manually specify domain controllers"
2016 Apr 11
1
how to manually specify domain controllers
On 11 April 2016 at 15:28, Rowland penny <rpenny at samba.org> wrote:
> On 08/04/16 21:19, Dennis Xu wrote:
>
>> We have two Samba 4.2.3 servers with FreeRadius to authenticate wireless
>> users against active directory. Using DNS, sometimes both servers end up
>> using the same domain controller to authenticate users. I would like to
>> distribute the load to
2016 Jun 10
2
wbinfo -u and -g gives no output
Hello,
I see this error when trying "wbinfo -g":
[2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args)
ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded
2016 Jun 09
2
wbinfo -u and -g gives no output
On 2016-06-09 at 10:17 -0400, Dennis Xu wrote:
> Hi Michael,
>
> Thank you for your suggestion.
>
> I did clone the server. After the clone, the server was not
> join to domain automatically, then I join the server to the
> domain separately. I did not change the local sid. Should I
> change that?
Not necessarily: It is rather cosmetic and probably not the
cause for
2016 Apr 27
4
wbinfo -u and -g gives no output
The strange thing is that I cloned this server from another server, and the original server does not have the "wbinfo -u" problem. Both servers have the exact same configurations..
Thanks.
----- Original Message -----
From: "Peter Bulin" <bulin.peter at gmail.com>
To: dxu at uoguelph.ca
Cc: "samba" <samba at lists.samba.org>
Sent: Wednesday,
2016 Jun 08
1
wbinfo -u and -g gives no output
What version are you using?
I also had this problem with a security update of debian. I reported this to then and they fixed it. So if you are using debian, update to the latest version and see if this works
Op 8 jun. 2016 10:13 p.m. schreef Dennis Xu <dxu at uoguelph.ca>:
Hi, I am checking again if there are any other suggestions.
The Samba server is joined to AD successfully. I can
2016 Jun 08
2
wbinfo -u and -g gives no output
On 2016-06-08 at 16:00 -0400, Dennis Xu wrote:
> Hi, I am checking again if there are any other suggestions.
>
> The Samba server is joined to AD successfully. I can
> authenticate a user using "wbinfo -a" but "wbinfo -u" and
> "wbinfo -g" commands give no output.
>
> Any ideas?
So you say the machine is cloned from another one.
Did you just
2016 Apr 11
0
how to manually specify domain controllers
Hi,
I see you have had no replies as of yet.. Can you clarify the scenario - is
freeradius installed on both of your samba servers, and configured to
authenticate against the local samba server for active directory
integration? Or is the scenario something different?
I use freeradius here; each of my DCs has freeradius installed and
configured to use the local samba server. But it's down to
2016 Apr 29
4
wbinfo -u and -g gives no output
Also when I use "net ads search '(objectCategory=group)' sAMAccountName", I can see all the groups. But wbinfo -g gives nothing. wired!
----- Original Message -----
From: "Dennis Xu" <dxu at uoguelph.ca>
To: "Andreas Schamanek" <schamane at fam.tuwien.ac.at>
Cc: "samba" <samba at lists.samba.org>
Sent: Friday, April 29, 2016
2016 Apr 27
3
wbinfo -u and -g gives no output
I have Samba 4.2 on Redhat 7. "wbinfo -u" and "wbinfo -g" commands give no output and no error. I can authenticate using "wbinfo -a username".
Anyone knows what could be the problem?
Thanks.
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definately confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[globall]:
ntlm auth =
2023 Apr 12
2
Fwd: ntlm_auth and freeradius
Hi Alexander,
I'm terribly sorry. We didnt have the "ntlm auth" parameter configured
on the DCs at all. I added it and it just works.
Thanks for your help.
Now I just need to figure out how I can make WLAN-specific LDAP-Group
authentication.
e. g. production WLAN needs LDAP group "wlan_production" and management
WLAN needs the "wlan_management" group.
I
2023 Apr 06
1
Fwd: ntlm_auth and freeradius
I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need:
## 4 FreeRADIUS
### 4.1 Basics
```bash
apt install freeradius freeradius-ldap freeradius-utils
# create new DH-params
openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048
```
### 4.2 Configure Authentication
- modify mschap to use winbind,
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hello Alexander,
thanks Alexander for these configuration snippets.
Which version of Samba are you using? Is this on debian bullseye? Is the
FreeRADIUS server installed on a DC or on a Domain Member? (I just
tested the latter).
is "ntlm auth = yes" OK for the DCs and the domain member or does it
have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It
2023 Apr 06
2
Fwd: ntlm_auth and freeradius
Hello Tim, Hello samba-people,
is there an uptodate guide for authenticating via freeradius somewhere?
I have some Ubiquiti APs plus a Cloud Key and I want to authenticate
WLAN clients via WPA2-Enterprise instead of a (shared) PSK.
It seems like
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
is missing some steps (basic setup of freeradius).
Can you
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hi Matthias,
we?re using Debian Bullseye with the backports repo. So version is a mixture of
- Samba version 4.17.3-Debian
- Samba version 4.17.7-Debian
We?ve installed it directly on the DC?s as well.
In my opinion using "ntlm auth = yes? should be fine.
Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I
2023 Apr 03
1
ntlm_auth and freeradius
Dear All,
I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there.
The errors I'm getting are to do with ntlm_auth not authenticating my machine account. Everything looks OK (to me) on the command
2005 Nov 02
1
how to use ntlm_auth
Hi,
I want to know how to use ntlm_auth with ntlm-server-1 and freeradius,
with the users login and password information in ldap.
I have read documentation of ntlm_auth (only found the man page), docs
and howtos about pptp and squid, i don't found about freeradius, and i'm
experimenting with the options of ntlm_auth.
I have configured freeradius+ldap+802.1X for a wireless lan, but i
2023 Apr 03
2
ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba:
> Dear All,
>
> I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there.
>
> The errors I'm getting are to do with ntlm_auth not
2016 Jun 10
0
wbinfo -u and -g gives no output
I had exact the same problem.
Try: client ldap sasl wrapping = plain in smb.conf
Op 10 jun. 2016 10:44 p.m. schreef Dennis Xu <dxu at uoguelph.ca>:
Hello,
I see this error when trying "wbinfo -g":
[2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args)
ads_do_paged_search_args:
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root