[Samba] Freeradius, Samba AD and machine account...

Marco Gaiarin gaio at sv.lnf.it
Fri Jul 16 14:25:15 UTC 2021 

A bit tired, but is friday, to go around the Win10 'upgrades'... in
20H2 seems that there's no way to save 'system wide' a wireless
WPA2/PEAP/MSCHAPv2 credentials, so wireless cannot start at boot time,
but only after user logon...


Anyway, but also for this, i'm trying to revamp my 'WPA2/PEAP/MSCHAPv2
auth with machine account' configuration that worked decently for
samba3/NT, and that i've not tried in Samba/AD.


I've followed:

	https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

but still seems i need some pre/post processing, because i get:

 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (9)   Login incorrect: [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63 via TLS tunnel)
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   The users session was previously rejected: returning reject (again.)
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   to find out the reason why the user was rejected
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   what went wrong, and how to fix the problem
 Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) Login incorrect (eap: Failed continuing EAP PEAP (25) session.  EAP sub-module failed): [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63)

'personal' account login works as expected:

 Jul 16 16:23:35 vdmsv1 radiusd[27296]: (10)   Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57 via TLS tunnel)
 Jul 16 16:23:35 vdmsv1 radiusd[27296]: (11) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57)



Someone have a working setup? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list