Displaying 20 results from an estimated 20000 matches similar to: "Advice on Winbindd and NTLM Auth Performance"
2017 Sep 01
2
Advice on Winbindd and NTLM Auth Performance
Hi Louis,
Yes of course that would help duh! apologies the OS is fedora 25 Samba
version samba-4.5.10-0.fc25.x86_64
smb.conf
server string = Samba Server MY-NETWORKS
hosts allow = 127.
log file = /var/log/samba/log-MY-NETWORKS.%m
log level = 0
max log size = 50
security = ads
encrypt passwords = yes
passdb backend = tdbsam
load printers = no
cups options = raw
printcap name = /dev/null
allow
2017 Sep 03
4
Advice on Winbindd and NTLM Auth Performance
Hi Rowland,
The only thing I'm using is winbindd the smbd and nmbd daemons are disabled.
However I have now found the bottleneck is because freeradius is calling
the ntlm_auth binary and effectively forking out.
The guys at freeradius wrote a direct client libwbclient however there is
no way of specifying the winbind privileged path using that method as it's
hardcoded during compile
2017 Sep 01
3
Advice on Winbindd and NTLM Auth Performance
Hello Everyone,
Thanks for your inputs I have followed what's here
https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind . Apart from the different
location for the directories. I have added the recommended options in samba.
However I cannot see why this would make a difference to performance.
The guide for setting up a samba domain member seems more to be aimed at
the whole
2017 Jun 08
4
ntlm_auth and SMBv2/v3
hai,
Please keep it mailing to the list, this way it shows up for others also.
A workaround for disabling SMBv1, you can make your server less secure but that's not what I would do.
Setting these to enable NTLM v1 again.
lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes
I think also this is more a question for the freeradius list, but I would go for a ldap(s) setup.
just don't mix up
2017 Jun 08
3
ntlm_auth and SMBv2/v3
Hi ,
I just need some clarification ;
We currently use ntlm_auth + winbind for AD auth on Freeradius, will
disabling SMBv1 break authentication for ntlm_auth + Freeradius ?
Many Thanks
Arnab
2017 May 21
3
NtLm auth with multiple ad domains
Hi ,
Any suggestions on the config I really need to get this working I am on
fedora with samba 4.45 ?
I know there is a probable way of getting this to work but not seen a
complete example anywhere..
I have seen a commercial product which runs centos use samba and Kerberos
across multiple disjoint domains.
Your help would be really appreciated.
Many thanks
Arnab
On 21 May 2017 9:34 am,
2018 Sep 07
3
NTLM auth, better on a DC or on a DM?
On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote:
> On 7/9/18 at 17:59, Marco Gaiarin via samba wrote:
>
> > It is better to install squid/freeradius in the same host of a DC, or
> > don't bother at all so they can be installed also on a DM?
>
> I don't know if it's better but I'm running freeradius with ntlm_auth on
> a
2017 Nov 22
3
SMB Conf changes in 4.7
Hi ,
I have just upgraded samba from 4.5.10 to 4.7.3 and my NTLM auth is
completely broken
on starting winbind its complaining about
Unknown parameter encountered: "winbindd privileged socket directory"
Ignoring unknown parameter "winbindd privileged socket directory"
In our case it needs to be specified on startup via smb.conf and not at
compile time.
This was working fine
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You
need samba 4.7 on all machines, not only AD, but also server with
freeradius. I didn't get a chance to test it locally, that is samba AD +
freeradius on the same server.
Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work
(got simple "nt_status_wrong_password")
but: 4.7.6 AD and 4.7.1
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is, I suppose, that special "flag" that is used by
2018 Mar 27
2
ODP: Re: freeradius + NTLM + samba AD 4.5.x
ok, tested it, and it works.
so to summarize:
on samba ad 4.7.x in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only"
fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it.
with those settings ntlmv1 is blocked
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definitely confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[global]:
ntlm auth =
2018 Sep 07
4
NTLM auth, better on a DC or on a DM?
Probably is a stupid question, but...
I need to implement some 'NTLM auth' (in squid and MSCHAPv2/PEAP on
freeradius).
It is better to install squid/freeradius in the same host of a DC, or
don't bother at all so they can be installed also on a DM?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2018 Jan 10
1
NTLM, MSCHAPv2, squid & freeradius...
Currently (samba 4 NT-like domains) I use extensively NTLM auth in
freeradius and more mildly in squid, respectively with:
Freeradius (mschap module):
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
squid3:
auth_param ntlm program /usr/bin/ntlm_auth
2017 Nov 23
4
Compiling Samba 4.7 with systemd support on Fedora 26
Hi Rowland,
No I am running samba as a member, purely using it for ntlm_auth for
freeradius. If I run it manually i.e. /usr/local/samba/sbin/winbindd -D it
starts up and stays up no issues. Yes SELinux is disabled
sestatus
SELinux status: disabled
Any pointers...?
Many Thanks
Arnab
On Thu, Nov 23, 2017 at 8:34 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
2017 May 21
2
NtLm auth with multiple ad domains
Hi ,
I need to use ntlm_auth across two different AD domains and there is no
trust between the 2 domains. I followed the post
http://samba-multiple-domains.blogspot.co.uk/2010/03/how-to-join-one-linux-box-to-two.html
2017 Sep 04
0
Advice on Winbindd and NTLM Auth Performance
Anyone on how to get libwbclient some kind of runtime parameter from smb
conf?
On 3 Sep 2017 23:22, "Arnab Roy" <arniekol at gmail.com> wrote:
>
>
> Wouldn't it be nice if the end user had a choice . Why would it be unsafe
> considering all the info is in smb.conf and it just needs to read like all
> other samba processes like smbd or nmbd?
>
> The
2018 Mar 26
2
freeradius + NTLM + samba AD 4.5.x
Hello,
I've done some further testing, and I have to correct myself.
I was (kind of obviously as I think about it) wrong about samba on the
freeradius server requiring v. 4.7. What makes all the difference is the
method used by mschap.
Traditionally in freeradius in mods-available/mschap you'll use
something like:
ntlm_auth = "/path/to/ntlm_auth --request-nt-key
2013 Feb 22
6
Samba 4 and freeradius
Hi,
My goal is to make use of samba 4 and freeradius to authenticate user to use wifi network (WPA2 enterprise).
The setup is to setup Samba 4.0.3 in machine A and setup freeradius in machine B.
By reading:
Document A: http://wiki.samba.org/index.php/Samba4/beyond
Document B: https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network
Document C:
2019 Aug 30
6
Samba 4.10.7 + freeradius 3.0.17 +ntlm_auth - Debian buster
Hai,
It does not happen often but yes, I also need some help as I can't know everything also and I'm new with freeradius.
I'm working on a configuration for samba member + freeradius with ntlm_auth.
Why ntlm_auth, because the next one is kerberos and ldap auth to configure..
I want to have some fallback options here and you have to start somewhere.
This is running on my new proxy/gateway