[Samba] Radius auth problem after DC update
Jiří František
jiri.frant at gmail.com
Fri Oct 19 13:00:18 UTC 2018
Hello list,
We were using two DC with 4.3.4 version of samba. Radius authentication
wont work after upgrade one of DC to version 4.6.7. Authentication is
working If winbind on radius server connects to DC with version 4.3.4.
I tried install new radius server following tutorial on
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
with
same result. Radius is working on DC with older version of samba.
I think that the problem will be somewhere in winbind on radius server.
If I want to test authentication with wbinfo I get following output:
wbinfo -a user%pass
plaintext password authentication failed
Could not authenticate user user%pass with plaintext password
challenge/response password authentication succeeded.
My smb.conf on radius server (samba 4.7.1, radiusd 3.0.13):
[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.LAN
log file = /var/log/samba/%m.log
log level = 1
ntlm auth = mschapv2-and-ntlmv2-only
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-999999
idmap config DOMAIN:unix_nss_info = no
template shell = /bin/bash
template homedir = /home/%U
Why I have problem with radius authentication of users with newer version
of samba on DC?
Any reply will be appreciate.
Thank you
More information about the samba
mailing list