[Samba] Samba + FreeRadius + Ubiquiti

L.P.H. van Belle belle at bazuin.nl
Wed Feb 24 08:16:24 UTC 2021 

What your missing is in above page.

> https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-
> with-active-directory-allow-allow-specific-group-of-users-to-authenticate-
> in-debian-10/.  
In here, well, this 

- .LOCAL as example. I'll ignore that ,but please dont use .local (or .lan)
- Modify /etc/krb5.conf, a normal setup, does not need any change at all. 
  ( but what is shown isnt wrong )
- For using ntlm_auth:  ( solution in below link ) 

https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Tyler Montney via
> samba
> Verzonden: dinsdag 23 februari 2021 21:34
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba + FreeRadius + Ubiquiti
> 
> Someone from FreeRadius suggested I post over here, that Louis recently
> went down a similar path and might be able to help.
> 
> I have a Unifi wireless controller that I want to offer RADIUS
> authentication. The controller points to the latest version of FreeRadius.
> Finally, this uses a Samba 4 instance, with integrated LDAP as my PDC. All
> are running Ubuntu 18.04.
> 
> I started from scratch and followed this:
> https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-
> with-active-directory-allow-allow-specific-group-of-users-to-authenticate-
> in-debian-10/.
> The following pass:
> 
>    - wbinfo -a <user>%<password>
>    - ntlm_auth --request-nt-key --domain=TESTING --username=<user>
>    --password=<password>"
>    - radtest <domain_accout> <password> localhost 0 testing123
> 
> The following fail:
> 
>    -   radtest -t mschap <user> <password> localhost 0 testing123
> 
> Running this gives me "bad username/password" on freeradius. I can see
> something similar in the samba logs. My assumption is there's something up
> with this line: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=TESTING --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-
> None}}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}".
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list