[Samba] Freeradius, Samba AD and machine account...
L.P.H. van Belle
belle at bazuin.nl
Fri Jul 16 15:04:12 UTC 2021
Ah, wrong link Marco.
Read this one: http://deployingradius.com/documents/configuration/active_directory.html
And
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
;-)
Have a great weekend, I'm off, going home..
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marco Gaiarin via samba
> Sent: Friday 16 July 2021 16:25
> To: samba at lists.samba.org
> Subject: [Samba] Freeradius, Samba AD and machine account...
>
>
> A bit tired, but it is Friday, to go around the Win10 'upgrades'... in
> 20H2 it seems that there's no way to save 'system wide' wireless
> WPA2/PEAP/MSCHAPv2 credentials, so wireless cannot start at boot time,
> but only after user logon...
>
>
> Anyway, but also for this, I'm trying to revamp my 'WPA2/PEAP/MSCHAPv2
> auth with machine account' configuration that worked decently for
> samba3/NT, and that I've not tried in Samba/AD.
>
>
> I've followed:
>
>
> https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>
> but it still seems I need some pre/post processing, because I get:
>
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (9) Login incorrect: [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63 via TLS tunnel)
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: The users session was previously rejected: returning reject (again.)
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: This means you need to read the PREVIOUS messages in the debug output
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: to find out the reason why the user was rejected
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap: what went wrong, and how to fix the problem
> Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed): [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63)
>
> 'personal' account login works as expected:
>
> Jul 16 16:23:35 vdmsv1 radiusd[27296]: (10) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57 via TLS tunnel)
> Jul 16 16:23:35 vdmsv1 radiusd[27296]: (11) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57)
>
>
>
> Does someone have a working setup? Thanks.
>
> --
> dott. Marco Gaiarin GNUPG
> Key ID: 240A3D66
> Associazione ``La Nostra Famiglia''
> http://www.lanostrafamiglia.it/
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al
> Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> f +39-0434-842797