[Samba] FreeRADIUS & SAMBA when Active Directory domain is not a FQDN

Andrew Bartlett abartlet at samba.org
Wed Nov 13 21:41:19 UTC 2019


Can you clarify again what the UPN is vs what the users enter via
FreeRADIUS as their 'username'?

I'm a bit lost.  

Andrew Bartlett

On Wed, 2019-11-13 at 20:07 +0000, Steve Bluck via samba wrote:
> Hi Rowland,
> Apologies for the tardy reply, I mistakenly set the mailing list to
> digest...
> Thanks for the suggestion, I'll ask the AD guys about this but I have
> a feeling it is an unlikely solution as Office 365 & Skype for
> Business apparently rely on the UPN. Unfortunately the local domain
> is a result of following Microsoft's "Best Practice" in the early
> 2000s, which has since changed.
> Since I posted this I've found some suggestions around doing an LDAP
> lookup first and passing the results to ntlm_auth, so shall do some
> investigation on that.
> Cheers
> Steve
> 
> 
> ________________________________
> From: Rowland penny <rpenny at samba.org>
> Sent: Wednesday, 13 November 2019 11:10 AM
> To: samba at lists.samba.org <samba at lists.samba.org>
> Subject: Re: [Samba] FreeRADIUS & SAMBA when Active Directory domain
> is not a FQDN
> 
> On 12/11/2019 21:17, Steve Bluck via samba wrote:
> > OS is CentOS 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1;
> > 
> > 
> > 
> > I'm building a FreeRADIUS box for Eduroam authentication for both
> > SP & IDP, and have hit a stumbling block I can’t figure or Google
> > my way out of.
> > 
> > 
> > 
> > The issue is the local AD domain is along the lines of
> > 'example.campus', but users have a UPN of 'user at example.com' which
> > was added for Skype for Business as prior the UPN was
> > 'user at example.campus'.
> 
> I am not a FreeRADIUS expert, but how about this: change the UPN back
> to what it should be, 'user at example.campus', and then add an SPN for
> 'user at example.com'.
> 
> Rowland
> 
> 
> 
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba







