[Samba] L2tp and winbind - server role active directory domain controller
Achim Gottinger
achim at ag-web.biz
Tue Aug 30 14:48:31 UTC 2016
Am 30.08.2016 um 15:05 schrieb Gilberto Nunes via samba:
> Hello list...
>
> I have samba 4.1.17 installed and in the same server, I have l2tp.
> Samba it configurated as active directory domain controller.
>
> I am trying authetication against samba with winbind.
> I want to know how to restrict authentication for certain group.
> I put this line in the end of l2tp conf file:
>
> ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> --require-membership-of="domain\\VPN"'
>
> But I get this in the log.windbindd:
>
> server role = 'active directory domain controller' not compatible with
> running the winbindd binary.
> You should start 'samba' instead, and it will control starting the
> internal AD DC winbindd implementation, which is not the same as this one
>
> And seem to me group restriction do not work!
> Instead, any usser can connect via l2tp vpn.
>
> Somebody can help??
>
> Thanks a lot
>
> Gilberto Ferreira
You can use freeradius with mschap (ntlm_auth) and ldap (for group
memebership requirements) configured to connect to you ad server. Then
configure l2tp to use that freeradius server for authentification.
More information about the samba
mailing list