Re: [Samba] Radius auth problem after DC update
- Date: Fri, 19 Oct 2018 14:26:18 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Radius auth problem after DC update
On Fri, 19 Oct 2018 15:00:18 +0200
Jiří František via samba <samba@xxxxxxxxxxxxxxx> wrote:
> Hello list,
> We were using two DC with 4.3.4 version of samba. Radius
> authentication wont work after upgrade one of DC to version 4.6.7.
> Authentication is working If winbind on radius server connects to DC
> with version 4.3.4. I tried install new radius server following
> tutorial on
> with same result. Radius is working on DC with older version of samba.
> I think that the problem will be somewhere in winbind on radius
> server. If I want to test authentication with wbinfo I get following
> wbinfo -a user%pass
> plaintext password authentication failed
> Could not authenticate user user%pass with plaintext password
> challenge/response password authentication succeeded.
> My smb.conf on radius server (samba 4.7.1, radiusd 3.0.13):
> security = ADS
> workgroup = DOMAIN
> realm = DOMAIN.LAN
> log file = /var/log/samba/%m.log
> log level = 1
> ntlm auth = mschapv2-and-ntlmv2-only
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 10000-999999
> idmap config DOMAIN:unix_nss_info = no
> template shell = /bin/bash
> template homedir = /home/%U
> Why I have problem with radius authentication of users with newer
> version of samba on DC?
> Any reply will be appreciate.
> Thank you
It seems you have to add the 'ntlm auth' line to the DC as well.
To unsubscribe from this list go to the following URL and read the