Connecting the dots.

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Sep 16 00:17:51 CEST 2010


Hi,

> We have implemented a FreeRADIUS server on Ubuntu 10.04 connecting to AD on Windows 2003 to allow our users to auth against for wireless access.
> 
> This morning it all broke. And we don’t know why.

okay. a not so wild stab in the dark.


yesterday or day before a SAMBA security issue was highlighted, my guess
is that the Ubuntu folk have released an update for this - which meant that
a new version of SAMBA was put onto your system. this new version has most likely
blatted the settings on your winbindd_privileged directory (use e.g. 'locate'
on your system to find its location...usually somewhere like /var/cache/samba/
or /var/lib/samba). that dir (winbindd_privileged) needs to be group owned by the
process which radiusd runs as....usually radiusd


another thing you can do is to actually see what's breaking. just run the FreeRADIUS
daemon in debug mode


radiusd -X



yes, there's a hell of a lot of output. a lot of it can be just skimmed...it all starts to
make sense when you get used to it.... but run it in that mode...capturing the output
(even just by setting your terminal scroll buffer to e.g. 5000 lines then select all
copy and paste into an editor if needs be....) when a few clients try connecting.
then read through whilst having a coffee.... it should be quite clear what's gone wrong.


> So I started looking to build a new server to fault find.

you really really don't need to do that


alan
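
The group-ownership check suggested in the reply above, as an added example (not part of the original post, and not code from FreeRADIUS or Samba): it reports whether a winbindd_privileged directory is owned by one of the daemon account's groups and whether that group has r-x on it. The function names are hypothetical; GNU `stat` (as on Ubuntu) is assumed, and the account name and paths in the usage comment are the ones mentioned in the post.

```shell
#!/bin/sh
# Added example. dir_group_ok and check_radiusd_access are hypothetical names.

# dir_group_ok DIR GID...
# Succeeds when DIR's owning group is one of the numeric GIDs given and the
# group permission bits include read and search (r-x). Returns 2 if DIR is
# missing, 1 on an ownership or mode problem.
dir_group_ok() {
    dir=$1; shift
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 2; }
    dgid=$(stat -c '%g' "$dir")          # numeric owning group
    mode=$(stat -c '%a' "$dir")          # octal mode, e.g. 750
    gbits=$(( (0$mode >> 3) & 7 ))       # group permission digit
    match=no
    for g in "$@"; do
        [ "$g" = "$dgid" ] && match=yes
    done
    if [ "$match" != yes ]; then
        echo "FAIL $dir: owning gid $dgid is not in the daemon's groups ($*)"
        return 1
    fi
    if [ $(( gbits & 5 )) -ne 5 ]; then
        echo "FAIL $dir: mode $mode gives the group no r-x access"
        return 1
    fi
    echo "OK   $dir: gid $dgid, mode $mode"
}

# check_radiusd_access USER DIR...
# Runs the check for every DIR that exists, using USER's group list.
check_radiusd_access() {
    user=$1; shift
    gids=$(id -G "$user") || return 2    # unknown account
    rc=0
    for d in "$@"; do
        [ -d "$d" ] || continue          # skip locations not present here
        dir_group_ok "$d" $gids || rc=1
    done
    return $rc
}

# Usage, with the account and candidate paths from the post:
#   sh check.sh radiusd /var/cache/samba/winbindd_privileged \
#                       /var/lib/samba/winbindd_privileged
if [ "$#" -ge 2 ]; then check_radiusd_access "$@"; fi
```

Running it before and after a Samba package update shows whether the update changed the directory's group or mode.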


