[Samba] Radius auth problem after DC update
Micha Ballmann
ballmann at uni-landau.de
Fri Oct 19 13:40:07 UTC 2018
Hi,
on your DC set "ntlm auth = yes" for testing. I dont know when, but ntlm
auth is no more enabled by default! In the past i got the same issue
with my radius server.
for more, show here ("ntlm auth (G)"):
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
best regards
micha
Am 19.10.2018 um 15:00 schrieb Jiří František via samba:
> Hello list,
> We were using two DC with 4.3.4 version of samba. Radius authentication
> wont work after upgrade one of DC to version 4.6.7. Authentication is
> working If winbind on radius server connects to DC with version 4.3.4.
> I tried install new radius server following tutorial on
> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
> with
> same result. Radius is working on DC with older version of samba.
> I think that the problem will be somewhere in winbind on radius server.
> If I want to test authentication with wbinfo I get following output:
>
> wbinfo -a user%pass
> plaintext password authentication failed
> Could not authenticate user user%pass with plaintext password
> challenge/response password authentication succeeded.
>
> My smb.conf on radius server (samba 4.7.1, radiusd 3.0.13):
> [global]
> security = ADS
> workgroup = DOMAIN
> realm = DOMAIN.LAN
>
> log file = /var/log/samba/%m.log
> log level = 1
> ntlm auth = mschapv2-and-ntlmv2-only
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-999999
> idmap config DOMAIN:unix_nss_info = no
> template shell = /bin/bash
> template homedir = /home/%U
>
> Why I have problem with radius authentication of users with newer version
> of samba on DC?
> Any reply will be appreciate.
> Thank you
More information about the samba
mailing list