[Samba] Samba + FreeRadius + Ubiquiti
Tyler Montney
montneytyler at gmail.com
Tue Feb 23 20:34:09 UTC 2021
Someone from FreeRadius suggested I post over here, that Louis recently
went down a similar path and might be able to help.
I have a Unifi wireless controller that I want to offer RADIUS
authentication. The controller points to the latest version of FreeRadius.
Finally, this uses a Samba 4 instance, with integrated LDAP as my PDC. All
are running Ubuntu 18.04.
I started from scratch and followed this:
https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/.
The following pass:
- wbinfo -a <user>%<password>
- ntlm_auth --request-nt-key --domain=TESTING --username=<user>
--password=<password>"
- radtest <domain_accout> <password> localhost 0 testing123
The following fail:
- radtest -t mschap <user> <password> localhost 0 testing123
Running this gives me "bad username/password" on freeradius. I can see
something similar in the samba logs. My assumption is there's something up
with this line: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=TESTING --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}".
More information about the samba
mailing list