Web lists-archives.com

Re: [Samba] Radius auth problem after DC update




Hi,

on your DC set "ntlm auth = yes" for testing. I dont know when, but ntlm auth is no more enabled by default! In the past i got the same issue with my radius server.

for more, show here ("ntlm auth (G)"):

https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html

best regards

micha


Am 19.10.2018 um 15:00 schrieb Jiří František via samba:
Hello list,
We were using two DC with 4.3.4 version of samba. Radius authentication
wont work after upgrade one of DC to version 4.6.7. Authentication is
working If winbind on radius server connects to DC with version 4.3.4.
I tried install new radius server following tutorial on
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
with
same result. Radius is working on DC with older version of samba.
I think that the problem will be somewhere in winbind on radius server.
If I want to test authentication with wbinfo I get following output:

wbinfo -a user%pass
plaintext password authentication failed
Could not authenticate user user%pass with plaintext password
challenge/response password authentication succeeded.

My smb.conf on radius server (samba 4.7.1, radiusd 3.0.13):
[global]
        security = ADS
        workgroup = DOMAIN
        realm = DOMAIN.LAN

        log file = /var/log/samba/%m.log
        log level = 1
        ntlm auth = mschapv2-and-ntlmv2-only

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config DOMAIN:backend = ad
        idmap config DOMAIN:schema_mode = rfc2307
        idmap config DOMAIN:range = 10000-999999
        idmap config DOMAIN:unix_nss_info = no
        template shell = /bin/bash
        template homedir = /home/%U

Why I have problem with radius authentication of users with newer version
of samba on DC?
Any reply will be appreciate.
Thank you


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba