[Samba] freeradius on dc?
Zombie Ryushu
zombie_ryushu at yahoo.com
Wed Nov 30 07:13:28 UTC 2022
On 11/30/22 02:01, Joachim Lindenberg via samba wrote:
> Hello Andrew,
> good point. Actually I would love to run freeradius + samba in one or two docker containers. However, while there are descriptions on how to run freeradius in a container, there aren´t a lot for a samba member server. Any pointer for that?
> Thanks,
> Joachim
>
> -----Ursprüngliche Nachricht-----
> Von: Andrew Bartlett <abartlet at samba.org>
> Gesendet: Mittwoch, 30. November 2022 00:51
> An: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org
> Betreff: Re: [Samba] freeradius on dc?
>
> On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote:
>> Hello,
>>
>> I am wondering whether it is possible / recommended or not, to install
>> and use freeradius on a domain controller. The documentation at
>> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Act
>> ive_Directory is about installation/configuration on member servers
>> only.
>>
>> Any thoughts? What changes on a dc?
> It should still just work, as the same winbindd is under the hood and this mode of operation is connected, but running a member server allows more separation of concerns and avoids any DC being 'special'.
>
> VMs or containers are good for this.
>
> Andrew Bartlett
I might be able to chime in on here, if your DC is RFC2307 Compliant,
you might be able to treat Samba like OpenLDAP and Heimdal.
I used to do this with my old OpenLDAP/Heimdal/Samba 3 Setup. I know for
a fact, the OpenLDAP Schema for FreeRadius can be converted and imported
into Samba 4 AD, but this "breaks" Samba 4's compatibility with other AD
Forests wherein actual Windows Servers need the same Schema.
More information about the samba
mailing list