[Samba] Freeradius logon with machine account...

Thu Oct 1 12:56:04 UTC 2020

Den 01.10.2020 14:46, skrev Marco Gaiarin via samba:
> With Samba in NT mode, i was able to enable wireless access using
> machine account, and worked decently.
> 
> Now i want to try again in AD mode, but i've not found info, and i've
> just hit a trouble:
> 
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (187)   Login incorrect: [host/RUFUS.ad.fvg.lnf.it] (from client unifi-sv port 0 cli B8-EE-65-B1-73-D3 via TLS tunnel)
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) eap_peap:   The users session was previously rejected: returning reject (again.)
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) eap_peap:   to find out the reason why the user was rejected
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) eap_peap:   what went wrong, and how to fix the problem
>  Oct  1 14:31:55 vdmsv1 radiusd[13555]: (188) Login incorrect (eap: Failed continuing EAP PEAP (25) session.  EAP sub-module failed): [host/RUFUS.ad.fvg.lnf.it] (from client unifi-sv port 0 cli B8-EE-65-B1-73-D3)
> 
> Client try to auth with FQDN and not username (eg RUFUS$).
> 
> 
> Someone have some hint? Thanks.
> 
> -- 

I can't offer any hints, but, this has been on my list of things to do
for some time, could you share with us exactly what you have done so
far, so other can follow and setup the same, maybe we either encounter
the same problems as you, or not.

-- 
Klaus Ade Johnstad

67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D