[Samba] Samba + FreeRadius + Ubiquiti
Johannes Engel
jcnengel at gmail.com
Fri Feb 26 16:50:33 UTC 2021
Hi Tyler,
I am running a similar scenario with the following ntlm_auth line in
/etc/raddb/mods-enabled/mschap:
ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key
--username=%{mschap:User-Name} --challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}
--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}"
However, I have recently moved to the direct usage of Winbind instead of
going via ntlm_auth, which is much faster.
Best regards
Johannes
On Tue, 23 Feb 2021 at 21:35, Tyler Montney via samba <
samba at lists.samba.org> wrote:
> Someone from FreeRadius suggested I post over here, that Louis recently
> went down a similar path and might be able to help.
>
> I have a Unifi wireless controller that I want to offer RADIUS
> authentication. The controller points to the latest version of FreeRadius.
> Finally, this uses a Samba 4 instance, with integrated LDAP as my PDC. All
> are running Ubuntu 18.04.
>
> I started from scratch and followed this:
>
> https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/
> .
> The following pass:
>
> - wbinfo -a <user>%<password>
> - ntlm_auth --request-nt-key --domain=TESTING --username=<user>
> --password=<password>
> - radtest <domain_account> <password> localhost 0 testing123
>
> The following fail:
>
> - radtest -t mschap <user> <password> localhost 0 testing123
>
> Running this gives me "bad username/password" on freeradius. I can see
> something similar in the samba logs. My assumption is there's something up
> with this line: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=TESTING --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}".
>
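Added example (not part of either poster's message, and not Samba or FreeRADIUS code): a short Python script that lists, option by option, how the two ntlm_auth lines quoted in this thread differ. The names TYLER_LINE, JOHANNES_LINE, ABSENT, parse_options and diff_options are made up for this illustration; the command strings are copied from the thread with the line wraps joined.

```python
"""Option-by-option comparison of the two ntlm_auth lines quoted in the thread."""

# Copied from the thread (wrapped lines joined into one command string each).
TYLER_LINE = (
    "/usr/bin/ntlm_auth --request-nt-key --domain=TESTING "
    "--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} "
    "--challenge=%{%{mschap:Challenge}:-00} "
    "--nt-response=%{%{mschap:NT-Response}:-00}"
)
JOHANNES_LINE = (
    "/usr/bin/ntlm_auth --allow-mschapv2 --request-nt-key "
    "--username=%{mschap:User-Name} "
    "--challenge=%{%{mschap:Challenge}:-00} "
    "--nt-response=%{%{mschap:NT-Response}:-00} "
    "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}"
)

ABSENT = "<absent>"  # marker for an option that one side does not pass at all


def parse_options(command):
    """Return {option: value} for an ntlm_auth command line.

    Flags without '=' map to None. The %{...} expansions contain no
    spaces, so a plain split() keeps each expression in one token.
    """
    options = {}
    for token in command.split()[1:]:  # first token is the binary path
        name, sep, value = token.partition("=")
        options[name] = value if sep else None
    return options


def diff_options(left, right):
    """Return {option: (left_value, right_value)} for every option that differs."""
    a, b = parse_options(left), parse_options(right)
    changes = {}
    for name in sorted(a.keys() | b.keys()):
        va, vb = a.get(name, ABSENT), b.get(name, ABSENT)
        if va != vb:
            changes[name] = (va, vb)
    return changes


if __name__ == "__main__":
    for name, (old, new) in diff_options(TYLER_LINE, JOHANNES_LINE).items():
        print(f"{name}: {old!r} -> {new!r}")
```

The script only reports where the two lines differ; it does not contact Samba or FreeRADIUS and does not determine which difference matters for the failing radtest.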