[Samba] Samba 4 and freeradius

Kristofer kristofer at cybernetik.net
Tue Feb 26 20:30:28 MST 2013


I had good luck using NTLM, rather than LDAP. See: http://freeradius.1045715.n5.nabble.com/Freeradius-How-to-integrate-Active-Directory-AD-Integration-WindowsXP-NTLM-Tutorial-td2745621.html 



----- Original Message -----

From: "Fong Kinglok" <busywater at gmail.com> 
To: samba at lists.samba.org 
Sent: Friday, February 22, 2013 10:18:53 AM 
Subject: [Samba] Samba 4 and freeradius 

Hi, 

My goal is to make use of samba 4 and freeradius to authenticate users for a wifi network (WPA2 enterprise).

The setup is Samba 4.0.3 on machine A and freeradius on machine B.

By reading: 
Document A: http://wiki.samba.org/index.php/Samba4/beyond 
Document B: https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network 
Document C: http://www.linuxgfx.co.uk/karoshi/documentation/wiki/index.php?title=Samba4_Testing 

The test bind to the samba 4 server from machine B succeeds:
ldapsearch -x -W -h file.sambadom.org -b "ou=accounting,dc=sambadom,dc=org" -D "cn=ldapuser,cn=users,dc=sambadom,dc=org" "(cn=peter)" 

Also, the ldap module of freeradius is configured as follows (the ldap part in sites-enabled/default and inner-tunnel is also configured):

/usr/local/freeradius/etc/raddb/modules/ldap 
============================= 
ldap {
    server = "file.sambadom.org"
    password = "asecurepassword"
    identity = "cn=ldapuser,cn=users,dc=samba4,dc=yauoi,dc=org"
    basedn = "ou=accounting,dc=sambadom,dc=org"
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    ldap_connections_number = 5
    max_uses = 0
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    keepalive {
        idle = 60
        probes = 3
        interval = 3
    }
}
============================= 

When I try an authentication test on machine B,
eapol_test -c ./peap-mschapv2.conf -s testing123 

peap-mschapv2.conf 
==================== 
network={
    ssid="amazonforest"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="peter"
    #anonymous_identity="anonymous"
    password="asecurepassword"
    phase2="autheap=MSCHAPV2"

    #
    # Uncomment the following to perform server certificate validation.
    ca_cert="/usr/local/freeradius/etc/raddb/certs/ca.der"
}
==================== 

The result is a failure.


Is there anything I did wrong?

Kinglok, Fong 
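
An offline check over the ldap module block quoted above, as an added example that is not part of the original thread or of either project's code. It flags two things visible in that block: the service-account bind runs without TLS, and the `identity` DN sits under different `dc=` components than `basedn`. The parser, function names and finding labels are illustrative assumptions.

```python
# Constructed sample: selected lines of the ldap module block quoted in the message.
LDAP_MODULE = '''
ldap {
    server = "file.sambadom.org"
    identity = "cn=ldapuser,cn=users,dc=samba4,dc=yauoi,dc=org"
    basedn = "ou=accounting,dc=sambadom,dc=org"
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    tls {
        start_tls = no
    }
}
'''

def parse_block(text):
    """Flatten 'name { key = value }' sections into dotted keys (hypothetical helper)."""
    path, out = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())      # entering a section such as 'tls'
        elif line == "}":
            path.pop()                          # leaving the current section
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out[".".join(path + [key])] = value.strip('"')
    return out

def dc_domain(dn):
    """Join the dc= components of a DN into a lower-case DNS-style name."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(",") if "=" in rdn)
    return ".".join(v.strip().lower() for k, v in rdns if k.strip().lower() == "dc")

def lint_ldap(cfg):
    """Return findings for the cleartext-bind and DN-suffix checks."""
    findings = []
    tls_on = cfg.get("ldap.tls.start_tls") == "yes"
    if not tls_on and not cfg.get("ldap.server", "").startswith("ldaps://"):
        findings.append("cleartext-bind: identity/password sent without TLS")
    bind_dom = dc_domain(cfg.get("ldap.identity", ""))
    base_dom = dc_domain(cfg.get("ldap.basedn", ""))
    if bind_dom != base_dom:
        findings.append(f"dn-mismatch: identity in {bind_dom}, basedn in {base_dom}")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap(parse_block(LDAP_MODULE)):
        print(finding)
```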

