[Samba] L2tp and winbind - server role active directory domain controller
Gilberto Nunes
gilberto.nunes32 at gmail.com
Tue Aug 30 14:57:14 UTC 2016
hum... thanks Achim....
I think this is more reasonable to my scenario....
I will try!
2016-08-30 11:48 GMT-03:00 Achim Gottinger via samba <samba at lists.samba.org>
:
>
>
> Am 30.08.2016 um 15:05 schrieb Gilberto Nunes via samba:
>
>> Hello list...
>>
>> I have samba 4.1.17 installed and in the same server, I have l2tp.
>> Samba it configurated as active directory domain controller.
>>
>> I am trying authetication against samba with winbind.
>> I want to know how to restrict authentication for certain group.
>> I put this line in the end of l2tp conf file:
>>
>> ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>> --require-membership-of="domain\\VPN"'
>>
>> But I get this in the log.windbindd:
>>
>> server role = 'active directory domain controller' not compatible with
>> running the winbindd binary.
>> You should start 'samba' instead, and it will control starting the
>> internal AD DC winbindd implementation, which is not the same as this one
>>
>> And seem to me group restriction do not work!
>> Instead, any usser can connect via l2tp vpn.
>>
>> Somebody can help??
>>
>> Thanks a lot
>>
>> Gilberto Ferreira
>>
> You can use freeradius with mschap (ntlm_auth) and ldap (for group
> memebership requirements) configured to connect to you ad server. Then
> configure l2tp to use that freeradius server for authentification.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Gilberto Ferreira
+55 (47) 9676-7530
Skype: gilberto.nunes36
More information about the samba
mailing list