similar to: winbindd with LDAPS

Displaying 20 results from an estimated 10000 matches similar to: "winbindd with LDAPS"

2023 Mar 08
1
winbindd with LDAPS
On 08/03/2023 12:58, jose.celestino--- via samba wrote: > Hi, > > We have a samba installation (4.17.5) where a winbindd is part of an > AD domain and used to authenticate radius (radiator) logins. > > The thing is, the AD administration is closing port 386 on the > password server and only allowing requests on 636 (ldaps). > > I don't seem to be able to change
2023 Mar 08
1
winbindd with LDAPS
Thank you, I've seen that commit. But even that seemed to be a STARTTLS inside a plain ldap connection (389). On Wed, Mar 8, 2023 at 6:49?PM Andrew Bartlett <abartlet at samba.org> wrote: > > On Wed, 2023-03-08 at 12:58 +0000, jose.celestino--- via samba wrote: > > Hi, > > > > We have a samba installation (4.17.5) where a winbindd is part of an > > AD
2017 Nov 29
3
Missing /usr/share/perl5 in C7
I'm under a bit of a crunch here, so any immediate help would be appreciated. We kickstart our customer boxes and have started migrating to CentOS 7. We're running Radiator 4.6 1 (I know, but bear with me) and we just deployed our first radius box to a customer to be turned up today. (I know, I know. I had no idea it wasn't being tested sooner than this.) I was brought in
2017 Sep 03
4
Advice on Winbindd and NTLM Auth Performance
Hi Rowland, The only thing I'm using is winbindd the smbd and nmbd daemons are disabled. However I have now found the bottleneck is because freeradius is calling the ntlm_auth binary and effectively forking out. The guys at freeradius wrote a direct client libwbclient however their is no way of specifying the winbind privileged path using that method as it's hardcoded during compile
2018 Sep 27
1
Debugging TLS Retry Handshake errors
Hi Andrew, Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free. >From the client side, I'm pretty sure my tests are PHP calling ldap_connect() <https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960> .
2006 Feb 27
0
Authenticating users via samba to an active directory
Chaps, Got a small problem here that I could do with some help with. I am looking at implementing 802.1X wired based network authentication here and am using a RADIUS server called Radiator as the primary authentication mechanism. Radiator has an authentication module that'll allow user auth to an active directory via components of the samba suite. The requirement is that the host samba
2005 Nov 02
1
how to use ntlm_auth
Hi, I want to know how to use ntlm_auth with ntlm-server-1 and freeradius, with the users login and password information in ldap. I have read documentation of ntlm_auth (only found the man page), docs and howtos about pptp and squid, i don't found about freeradius, and i'm experimenting with the options of ntlm_auth. I have configured freeradius+ldap+802.1X for a wireless lan, but i
2014 Feb 10
3
[OT] Video card radiator
I recently obtained a desktop computer with an nVidia video card: from lspci: 02:00.0 VGA compatible controller: nVidia Corporation G84 [GeForce 8600 GT] (rev a1 I had to open the case to connect the DVD drive and saw what appears to be a fallen radiator: http://www.cs.ndsu.nodak.edu/~hennebry/computer/amd64-1.jpg http://www.cs.ndsu.nodak.edu/~hennebry/computer/amd64-2.jpg That nothing is shorted
2016 Aug 01
2
Centos 7 & ntlm
Hihi So I have a really strange problem. I am running Centos 7 with Samba purely for ntlm_auth against winbind services (squid/radius auth etc). Its been working fine till we found a strange bug with the ntlm_auth executable. If the username has a "w" at the end it throws out a syntax error see below test: # ./ntlm_auth --username=lblaauw username must be specified! Usage:
2003 Oct 31
3
FW: MSCHAPv2 microsoft client/linux/Active Directory
I don't want to use a VPN to solve this one. I am really wondering with (samba 3.x) when the linux box become part of The AD domain does it get a special privileges? > > Hi,i am not sure if i understand yor needs, but maybe this helps > this links guide you to setup a pptp server an client for linux > http://www.poptop.org/ > http://pptpclient.sourceforge.net/ > there
2018 Sep 07
3
NTLM auth, better on a DC or on a DM?
On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote: > El 7/9/18 a les 17:59, Marco Gaiarin via samba ha escrit: > > > It is better to install squid/freeradius in the same host of a DC, or > > don't bother at all so they can be installed also on a DM? > > I don't know if it's better but I'm running freeradius with ntlm_auth on > a
2006 Mar 09
2
Using ntlm_auth to authneticate to an NTLMv2 AD
Chaps, I'm trying to get a radius server to authenticate to AD via the samba ntlm_auth program. I've just built samba vsn 3.0.21c with the following config parameters ./configure --with-pam --enable-socket-wrapper --with-ldapsam --with-syslog --with-ldap --with-winbind My smb.conf has global] workgroup = ADIR security = domain password server = 150.237.54.198 realm =
2016 Apr 11
1
how to manually specify domain controllers
On 11 April 2016 at 15:28, Rowland penny <rpenny at samba.org> wrote: > On 08/04/16 21:19, Dennis Xu wrote: > >> We have two Samba 4.2.3 servers with FreeRadius to authenticate wireless >> users against active directory. Using DNS, sometimes both servers end up >> using the same domain controller to authenticate users. I would like to >> distribute the load to
2009 Feb 01
1
asterisk-users Digest, Vol 54, Issue 109
Sorry, but why u r using the Radius with the CDR? Not enough to access the CDR in the /var/log/asterisk/cdr-csv/Master.csv? Also, what kind of Radius u r using? Any suggested link? Regards Bilal > > Hello list. > > I'm having some problems with the CDR Radius in my > Asterisk 1.4. I'm > using two TC400B cards for transcoding. When I reach > nearly 100 >
2019 Oct 21
4
Samba4 and Freeradius
Hello, i've configured a new freeradius server for WLAN authentication. My radius server is a domain member on my samba 4.7.12 ADDC. For my mschap configuration i followd this guide: https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory. The auth works! I can configure ntlm_auth in two differents way? ntlm_auth = "/path/to/ntlm_auth*--allow-mschapv2*
2005 Oct 02
1
ntlm_auth and PEAP machine authentication
I am trying to use ntlm_auth for machine authentication requests against a Win2003/AD from my RADIUS server. Normal, user authentication works fine, but not machine authentication. The username passed from RADIUS to ntlm-auth looks like host/pcname123. I'm wondering if the "/" is killing it? The ntlm_auth man page says that it expects only Samba's unix charset. Does anyone
2023 Apr 06
1
Fwd: ntlm_auth and freeradius
I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,
2023 Apr 12
2
Fwd: ntlm_auth and freeradius
Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I
2018 Mar 26
4
freeradius + NTLM + samba AD 4.5.x
Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN
2019 Nov 13
3
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which