similar to: FreeRADIUS & SAMBA when Active Directory domain is not a FQDN

Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which

On Wed, 2019-11-13 at 22:21 +0000, Steve Bluck via samba wrote: > FreeRAIDUS is checking for a username in the format of > [user]@[internet domain] for Eduroam (World wide WiFi network, mostly > used by Education), if it is not a locally defined Internet domain it > then refers the RADIUS request to a higher level RADIUS server. > However if it's our defined domain e.g.

On 12/11/2019 21:17, Steve Bluck via samba wrote: > OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; > > > > I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. > > > > The issue is the local AD domain is along the lines of ?example.campus?, but users

FreeRAIDUS is checking for a username in the format of [user]@[internet domain] for Eduroam (World wide WiFi network, mostly used by Education), if it is not a locally defined Internet domain it then refers the RADIUS request to a higher level RADIUS server. However if it's our defined domain e.g. EXAMPLE.COM it will check with our AD server. Normally the sAMAccountName & AD domain pair is

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001)

Sorry if I didn't find the right manual. I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in a way, AD-Users of a certain group can login and not having to login to Office365. My questions: Can I map the existing Office365-Accounts to the new Domain? Is the existing username scheme in Office 365 of lois.griffin at company.com compatible

On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: Unfortunately it's still erroring out: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-CHAPv2 > Is this set as a UPN (with the realm appended) on the user? I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you? I've run

On 09.07.20 18:59, Bernhard Dick via samba wrote: > Hi, > > Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba: >> Sorry if I didn't find the right manual. >> >> I would like to set up a new Domain Controller and connect it to an >> existing Office 365 with Exchange in a way, AD-Users of a certain >> group can login and not having to login to

> I guess we have to look at the conf files then, first these two: Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth. Unfortunately it's still erroring out: (7) mschap: Creating

On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS-CHAPv2 > > > > > Is this set as a

On Sun, 3 Mar 2019 13:14:35 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: > > > > > > The 'Nooooo, don't do that is: > > > > > Don't change the UPN > > > > > > > > Why not? It's a recommended best practice to choose a subdomain > > > > of your primary domain (e.g. "ad.example.com"), and

Bonjour, It seems that freeradius 3.0.1-6.el7 of centOS 7 don't work. When doing very simple authentification (PAP control of ssh login on a switch), I get a segmentation fault when the first accounting packet arrives on the server. Does anyone test succesfully this version of freeradius ? Thanks PS: no error with the compilation of the last source version of freeradius (3.0.7) --

> > > The 'Nooooo, don't do that is: > > > Don't change the UPN > > > > Why not? It's a recommended best practice to choose a subdomain of > > your primary domain (e.g. "ad.example.com"), and then add alternate > > UPN suffix which allows user logons to match their email addresses. > > > > In fact, this page on the

It seems to me that the ver of FreeRadius is 1.0.1: yum list | grep "radius" freeradius.i386 1.0.1-3.RHEL4 installed freeradius-mysql.i386 1.0.1-3.RHEL4 base freeradius-postgresql.i386 1.0.1-3.RHEL4 base freeradius-unixODBC.i386 1.0.1-3.RHEL4 base According to freeradius.org, this

Greetings list, I'm haveing problem with FreeRADIUS v1.0.1-3 which came with CentOS 4.1 FreeRADIUS refuses to use system accounts for authentication. The latest freeradius-1.0.4 is working correctly. Can we have this update or have to wail till RH release new rpm src? Thanks, -j

Hi All, The freeradius version in CentOS 5 is ancient, so I've been considering rebuilding the Fedora 10 rpm for freeradius-2.1.3 on CentOS. That means I'll have to maintain the package, and I'm not an uber packager. Normally I wouldn't care, but in this case I do because the freeradius server is going to be critical. So, should I rebuild the F10 rpm, or should I just stick with

Hi; Samba team say "It is recommended that administrators set these additional options, if compatible with their network environment:" ntlm auth = no I use samba with FreeRadius. I configure "ntlm_ auth = no" but freeradius users not connected to wifi. I use ntlm_auth in FreeRadius side.. best regards

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN