[Samba] Samba4 and Freeradius
L.P.H. van Belle
belle at bazuin.nl
Mon Oct 21 12:22:31 UTC 2019
Thats more a "free radius list" question..
But no, you better use the group checking part from/in module rlm_ldap
And yes, i "should" be possible, if you look into module winbind
All i know is results from ldap are better the winbind, but i've not tested that.
And im sure there are other users here on the list that can tell more about that.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Micha Ballmann via samba
> Verzonden: maandag 21 oktober 2019 13:53
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba4 and Freeradius
>
> Hello,
>
> i've configured a new freeradius server for WLAN authentication. My
> radius server is a domain member on my samba 4.7.12 ADDC. For
> my mschap
> configuration i followd this guide:
> https://wiki.samba.org/index.php/Authenticating_Freeradius_aga
> inst_Active_Directory.
>
> The auth works! I can configure ntlm_auth in two differents way?
>
> ntlm_auth = "/path/to/ntlm_auth*--allow-mschapv2* --request-nt-key
> --username=%{mschap:User-Name} --domain=MYDOMAIN
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}"
>
> OR
>
> winbind_username = "%{mschap:User-Name}"
> winbind_domain = "%{mschap:NT-Domain}"
>
>
>
> Both ways are working, but now im hanging a little bit. Currently im
> using this config in /mods-available/mschap:
>
> winbind_username = "%{mschap:User-Name}"
> winbind_domain = "%{mschap:NT-Domain}"
>
> (ntlm_auth = ... is commented out)
>
> I have an AD Group "WLAN".
>
> How can i authenticate against this groups? Is there any
> directive like
> "winbind_group = "?
>
> Regards
>
> Micha
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list