[Samba] Samba + FreeRadius + Ubiquiti
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 24 08:16:24 UTC 2021
What your missing is in above page.
> https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-
> with-active-directory-allow-allow-specific-group-of-users-to-authenticate-
> in-debian-10/.
In here, well, this
- .LOCAL as example. I'll ignore that ,but please dont use .local (or .lan)
- Modify /etc/krb5.conf, a normal setup, does not need any change at all.
( but what is shown isnt wrong )
- For using ntlm_auth: ( solution in below link )
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Tyler Montney via
> samba
> Verzonden: dinsdag 23 februari 2021 21:34
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba + FreeRadius + Ubiquiti
>
> Someone from FreeRadius suggested I post over here, that Louis recently
> went down a similar path and might be able to help.
>
> I have a Unifi wireless controller that I want to offer RADIUS
> authentication. The controller points to the latest version of FreeRadius.
> Finally, this uses a Samba 4 instance, with integrated LDAP as my PDC. All
> are running Ubuntu 18.04.
>
> I started from scratch and followed this:
> https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-
> with-active-directory-allow-allow-specific-group-of-users-to-authenticate-
> in-debian-10/.
> The following pass:
>
> - wbinfo -a <user>%<password>
> - ntlm_auth --request-nt-key --domain=TESTING --username=<user>
> --password=<password>"
> - radtest <domain_accout> <password> localhost 0 testing123
>
> The following fail:
>
> - radtest -t mschap <user> <password> localhost 0 testing123
>
> Running this gives me "bad username/password" on freeradius. I can see
> something similar in the samba logs. My assumption is there's something up
> with this line: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=TESTING --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-
> None}}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}".
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list