Configuring FreeRADIUS to authenticate against AD

Martin Ubank Martin.Ubank at uwe.ac.uk
Fri Oct 21 11:27:27 CEST 2011


Thanks Fajar.

'campus.ads.uwe.ac.uk' is a DNS alias to 6 AD servers and had been working previously.
I changed /etc/krb5.conf & /etc/samba/smb.conf to point to 1 of the 6 AD servers and 'net join ...' & 'wbinfo -a ...' now work.  The commands also work with 2 other AD servers.
Why the DNS alias has stopped working is an issue to investigate later.
I will continue the FreeRadius deployment using a single AD server.
Thanks again for your help.

Martin.

-----Original Message-----
From: freeradius-users-bounces+martin.ubank=uwe.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+martin.ubank=uwe.ac.uk at lists.freeradius.org] On Behalf Of Fajar A. Nugraha
Sent: 21 October 2011 09:25
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to authenticate against AD

On Fri, Oct 21, 2011 at 3:10 PM, Martin Ubank <Martin.Ubank at uwe.ac.uk> wrote:
> I've been following the FreeRadius Deployment guide
> http://deployingradius.com/documents/configuration/active_directory.html

> I've edited /etc/krb5.conf, as follows:
>   kdc = campus.ads.uwe.ac.uk

does this server exists and reachable?

> I've also edited /etc/samba/smb.conf (comments & blank lines excluded):

>         realm = campus.ads.uwe.ac.uk
>         password server = campus.ads.uwe.ac.uk

those two usually aren't the same. Are you sure you're using the
correct information? Does the server exists and reachable?

> I then run 'net join -U USERNAME' and get:
>
>
>
> Unable to find a suitable server for domain CAMPUS
>
> Unable to find a suitable server for domain CAMPUS

Basically you'd need to get samba to correctly join the domain. Don't
bother going further until this works. samba user list/forum might be
able to provide more help.

-- 
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






More information about the Freeradius-Users mailing list