similar to: ntlm_auth with freeradius

Displaying 20 results from an estimated 600 matches similar to: "ntlm_auth with freeradius"

2017 May 29
0
Fw: ntlm_auth with freeradius
Edit: When running 'winbindd -SFd5', I see a little more of the problem after I run my two ntlm_auth commands one after the other. I believe the 'crap' part is an acronym for 'Challenge Response Authentication Protocol', so why would it be failing? [ 2202]: request interface version (version = 28) [ 2202]: request location of privileged pipe getgroups root Could not
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: Unfortunately it's still erroring out: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-CHAPv2 > Is this set as a UPN (with the realm appended) on the user? I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you? I've run
2017 May 27
3
idmap woes after upgrade
Hi Rowland, On 27 May 2017 11:39: > Hmm, you mention: > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > Is this on a DC or a Unix domain member ? This is on a DC. I only have two centOS7 AD DC's in my environment.. Tim
2017 May 27
3
idmap woes after upgrade
Hello All, I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7. Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on. I used to be able to use the unix command 'id' to show user info,
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS-CHAPv2 > > > > > Is this set as a
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001)
2023 Apr 03
1
ntlm_auth and freeradius
Dear All, I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. The errors I'm getting are to do with ntlm_auth not authenticating my machine account. Everything looks OK (to me) on the command
2023 Apr 03
2
ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not
2023 Apr 04
2
Fwd: ntlm_auth and freeradius
> You said earlier that you have set ntlm auth = mschapv2-and-ntlmv2-only Yes, I found that here: https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory > This means to reject NTLMv1, which MSCHAPv2 is cryptographically, unless the client makes special pleading that it used MSCHAPv2 with it's client. > This is related to the missing ntlm_auth option
2017 May 29
2
ntlm_auth with freeradius
On 29 May 2017 12:32 >When running 'winbindd -SFd5', I see a little more of the problem after I run my two ntlm_auth commands > one after the other. I believe the 'crap' part is an acronym for 'Challenge Response > Authentication Protocol', so why would it be failing? Edit2: wbinfo -a tim.odriscoll%<mypass> works perfectly, with the winbindd debug logs
2017 May 27
0
idmap woes after upgrade
On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > Hi Rowland, > > On 27 May 2017 11:39: > > Hmm, you mention: > > > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > > > Is this on a DC or a Unix domain member ? > > This is on a DC. I only have two centOS7 AD DC's in my
2023 Apr 06
1
[EXTERNAL] Re: Fwd: ntlm_auth and freeradius
Hi Matthias, > Can you write up some of your findings please? I've not got my setup exactly as I want it yet. Once it's ready and I can document it, I will make it available. I also used the guide from freeradius, as well as many other snippets I found. Now I have to remove them all to see which ones are superfluous..
2017 May 27
3
idmap woes after upgrade
On 27 May 2017 12:45: On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > The other lines never did anything on a DC. Thank you, I've removed them now.. > Unless you manually add uidNumber attributes to users and gidNumber > attributes to groups, id mapping on a DC is done in idmap.ldb and > results in ID numbers in the 3000000
2017 May 27
0
idmap woes after upgrade
On Sat, 27 May 2017 09:25:24 +0000 Tim ODriscoll via samba <samba at lists.samba.org> wrote: > Hello All, > > I've bitten the bullet and upgraded from sernet-samba-4.2 to > 4.6.4-SerNet-RedHat-7.el7. > > Now my AD users don't show up in Linux, with the result that the > [homes] share fails to connect. Other shares work fine, it's just the > homes share.
2023 Apr 03
2
Fwd: ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It
2019 Aug 30
0
Samba 4.10.7 + freeradius 3.0.17 +ntlm_auth - Debian buster
Guys, Christian, Marco, Thank you very much. Marco, you have the best internal wiki :-) Very very usefull. Whooe.. Most is working atm. And as always the solution was so simpel.. I forgot... To .. Add... ntlm auth = mschapv2-and-ntlmv2-only To the DC's smb.conf. :-/ pretty stupid.. But. So far, it looks good. I've tested now. radtest -t mschap username 'passwd'
2015 Apr 25
2
I can't join the new AD server with Samba4
Hi, I'm sorry for my english. i've migrated an old 3.6 samba domain to Samba 4.1 and the windows part is working fine (i can join and manage the server from a Windows Machine), but when I try to join the domain from another linux server it fails. I've followed this guide to migrate: https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29 and this for
2015 Apr 25
2
I can't join the new AD server with Samba4
Sorry, I forgot to revert another test i did, but the result is the same: --------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------- sudo net ads join -U "Administrator" -d 5
2016 Dec 19
5
Problem with keytab: "Client not found in Kerberos database"
I am trying to use a keytab for a client machine to authenticate to Samba's own LDAP server. The samba servers (replicated) are ubuntu 16.04 with samba 4.5.2 compiled from source. The client machine is ubuntu 16.04 with stock samba 4.3.11. It has been joined directly to the Samba domain ("net ads join"). I have also extracted a keytab ("net ads keytab create -P")