[Samba] freeradius on dc?

Zombie Ryushu zombie_ryushu at yahoo.com
Wed Nov 30 07:13:28 UTC 2022

On 11/30/22 02:01, Joachim Lindenberg via samba wrote:
> Hello Andrew,
> good point. Actually I would love to run freeradius + samba in one or two docker containers. However, while there are descriptions on how to run freeradius in a container, there aren't a lot for a samba member server. Any pointer for that?
> Thanks,
> Joachim
> -----Original Message-----
> From: Andrew Bartlett <abartlet at samba.org>
> Sent: Wednesday, 30 November 2022 00:51
> To: Joachim Lindenberg <samba at lindenberg.one>; samba at lists.samba.org
> Subject: Re: [Samba] freeradius on dc?
> On Tue, 2022-11-29 at 22:31 +0100, Joachim Lindenberg via samba wrote:
>> Hello,
>> I am wondering whether it is possible / recommended or not, to install
>> and use freeradius on a domain controller. The documentation at
>> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
>> is about installation/configuration on member servers only.
>> Any thoughts? What changes on a dc?
> It should still just work, as the same winbindd is under the hood and this mode of operation is connected, but running a member server allows more separation of concerns and avoids any DC being 'special'.
> VMs or containers are good for this.
> Andrew Bartlett

I might be able to chime in here. If your DC is RFC2307 compliant,
you might be able to treat Samba like OpenLDAP and Heimdal.

I used to do this with my old OpenLDAP/Heimdal/Samba 3 Setup. I know for 
a fact, the OpenLDAP Schema for FreeRadius can be converted and imported 
into Samba 4 AD, but this "breaks" Samba 4's compatibility with other AD 
Forests wherein actual Windows Servers need the same Schema.
