Displaying 20 results from an estimated 3000 matches similar to: "FreeRADIUS & SAMBA when Active Directory domain is not a FQDN"
2019 Nov 13
3
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
Hi Rowland,
Apologies for the tardy reply, I mistakenly set the mailing list to digest...
Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which
2019 Nov 14
1
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
On Wed, 2019-11-13 at 22:21 +0000, Steve Bluck via samba wrote:
> FreeRAIDUS is checking for a username in the format of
> [user]@[internet domain] for Eduroam (World wide WiFi network, mostly
> used by Education), if it is not a locally defined Internet domain it
> then refers the RADIUS request to a higher level RADIUS server.
> However if it's our defined domain e.g.
2019 Nov 12
0
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
On 12/11/2019 21:17, Steve Bluck via samba wrote:
> OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1;
>
>
>
> I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of.
>
>
>
> The issue is the local AD domain is along the lines of ?example.campus?, but users
2019 Nov 13
0
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
FreeRAIDUS is checking for a username in the format of [user]@[internet domain] for Eduroam (World wide WiFi network, mostly used by Education), if it is not a locally defined Internet domain it then refers the RADIUS request to a higher level RADIUS server. However if it's our defined domain e.g. EXAMPLE.COM it will check with our AD server.
Normally the sAMAccountName & AD domain pair is
2023 Apr 04
1
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote:
> Op 04-04-2023 om 00:32 schreef Andrew Bartlett:
>
> >
> > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> >
> > > Unfortunately it's still erroring out:
> > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> > > (7) mschap:
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> Unfortunately it's still erroring out:
> (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> (7) mschap: Client is using MS-CHAPv2
Is this set as a UPN (with the realm appended) on the user?
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001)
2020 Jul 02
5
Azure Sync
Sorry if I didn't find the right manual.
I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in a way, AD-Users of a certain group can login and not having to login to Office365.
My questions:
Can I map the existing Office365-Accounts to the new Domain?
Is the existing username scheme in Office 365 of lois.griffin at company.com compatible
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
Unfortunately it's still erroring out:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
> Is this set as a UPN (with the realm appended) on the user?
I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you?
I've run
2020 Jul 10
1
Azure Sync
On 09.07.20 18:59, Bernhard Dick via samba wrote:
> Hi,
>
> Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba:
>> Sorry if I didn't find the right manual.
>>
>> I would like to set up a new Domain Controller and connect it to an
>> existing Office 365 with Exchange in a way, AD-Users of a certain
>> group can login and not having to login to
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
> I guess we have to look at the conf files then, first these two:
Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth.
Unfortunately it's still erroring out:
(7) mschap: Creating
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote:
> On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
>
>
>
>
> > Unfortunately it's still erroring out:
> > (7) mschap: Creating challenge hash with username: host/SL-
> > 6S4BBS3.MYDOMAIN.co.uk
> > (7) mschap: Client is using MS-CHAPv2
>
>
>
> > Is this set as a
2019 Mar 03
3
Joining a DC, was (no subject)
On Sun, 3 Mar 2019 13:14:35 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
> > > > > The 'Nooooo, don't do that is:
> > > > > Don't change the UPN
> > > >
> > > > Why not? It's a recommended best practice to choose a subdomain
> > > > of your primary domain (e.g. "ad.example.com"), and
2015 Mar 02
3
CentOS7 buggy freeradius
Bonjour,
It seems that freeradius 3.0.1-6.el7 of centOS 7 don't work.
When doing very simple authentification (PAP control of ssh login on a
switch), I get a segmentation fault when the first accounting packet
arrives on the server.
Does anyone test succesfully this version of freeradius ?
Thanks
PS: no error with the compilation of the last source version of
freeradius (3.0.7)
--
2019 Mar 03
3
Joining a DC, was (no subject)
> > > The 'Nooooo, don't do that is:
> > > Don't change the UPN
> >
> > Why not? It's a recommended best practice to choose a subdomain of
> > your primary domain (e.g. "ad.example.com"), and then add alternate
> > UPN suffix which allows user logons to match their email addresses.
> >
> > In fact, this page on the
2006 Mar 20
6
FreeRadius version
It seems to me that the ver of FreeRadius is 1.0.1:
yum list | grep "radius"
freeradius.i386 1.0.1-3.RHEL4
installed
freeradius-mysql.i386 1.0.1-3.RHEL4 base
freeradius-postgresql.i386 1.0.1-3.RHEL4 base
freeradius-unixODBC.i386 1.0.1-3.RHEL4 base
According to freeradius.org, this
2005 Jul 19
2
FreeRADIUS
Greetings list,
I'm haveing problem with FreeRADIUS v1.0.1-3 which came with CentOS 4.1
FreeRADIUS refuses to use system accounts for authentication.
The latest freeradius-1.0.4 is working correctly.
Can we have this update or have to wail till RH release new rpm src?
Thanks,
-j
2009 Mar 25
3
freeradius version
Hi All,
The freeradius version in CentOS 5 is ancient, so I've been considering
rebuilding the Fedora 10 rpm for freeradius-2.1.3 on CentOS. That means
I'll have to maintain the package, and I'm not an uber packager.
Normally I wouldn't care, but in this case I do because the freeradius
server is going to be critical.
So, should I rebuild the F10 rpm, or should I just stick with
2016 Apr 15
5
samba 4.4.2 freeradius authentication with ntlm_auth
Hi;
Samba team say "It is recommended that administrators set these additional
options, if compatible with their network environment:"
ntlm auth = no
I use samba with FreeRadius.
I configure "ntlm_ auth = no" but freeradius users not connected to wifi.
I use ntlm_auth in FreeRadius side..
best regards
2023 Apr 06
2
Fwd: ntlm_auth and freeradius
Hello Tim, Hello samba-people,
is there an uptodate guide for authenticating via freeradius somewhere?
I have some Ubiquiti APs plus a Cloud Key and I want to authenticate
WLAN clients via WPA2-Enterprise instead of a (shared) PSK.
It seems like
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
is missing some steps (basic setup of freeradius).
Can you
2016 Dec 29
3
Error with samba update in debian.
no thats not it
samba-tool does not set upn but msktutil does set the upn.
So an option for samba-tool to set upn would be nice...
Greetz
Louis
> Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
>
> On Wed, 28 Dec 2016 17:05:39 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: