[Samba] Freeradius, Samba AD and machine account...

L.P.H. van Belle belle at bazuin.nl
Fri Jul 16 15:04:12 UTC 2021


Ah, wrong link Marco.

Read this one: http://deployingradius.com/documents/configuration/active_directory.html 
And 
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory 
;-) 

Have a great weekend, I'm off, going home.. 

Greetz, 

Louis
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marco Gaiarin via samba
> Sent: Friday 16 July 2021 16:25
> To: samba at lists.samba.org
> Subject: [Samba] Freeradius, Samba AD and machine account...
> 
> 
> A bit tired, but it's Friday, to go around the Win10 'upgrades'... in
> 20H2 it seems that there's no way to save 'system wide' wireless
> WPA2/PEAP/MSCHAPv2 credentials, so wireless cannot start at boot time,
> but only after user logon...
> 
> 
> Anyway, but also for this, I'm trying to revamp my 'WPA2/PEAP/MSCHAPv2
> auth with machine account' configuration that worked decently for
> samba3/NT, and that I've not tried in Samba/AD.
> 
> 
> I've followed:
> 
> https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
> 
> but it still seems I need some pre/post processing, because I get:
> 
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (9)   Login incorrect: [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63 via TLS tunnel)
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   The users session was previously rejected: returning reject (again.)
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   to find out the reason why the user was rejected
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) eap_peap:   what went wrong, and how to fix the problem
>  Jul 16 16:15:15 vdmsv1 radiusd[23026]: (10) Login incorrect (eap: Failed continuing EAP PEAP (25) session.  EAP sub-module failed): [host/AFTERSHOCK.ad.fvg.lnf.it] (from client unifi-sv port 0 cli 00-C2-C6-24-2D-63)
> 
> 'personal' account login works as expected:
> 
>  Jul 16 16:23:35 vdmsv1 radiusd[27296]: (10)   Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57 via TLS tunnel)
>  Jul 16 16:23:35 vdmsv1 radiusd[27296]: (11) Login OK: [gaio] (from client unifi-sv port 0 cli 00-E1-8C-D7-85-57)
> 
> 
> 
> Does someone have a working setup? Thanks.
> 
> -- 
> dott. Marco Gaiarin    GNUPG Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''    http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
> 
>   Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
>   http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
>   (tax code 00307430132, category ONLUS or HEALTH RESEARCH)
> 