On Wed, Apr 20, 2016 at 06:12:28PM +0000, A.L.M.Buxey@lboro.ac.uk wrote:
/var/lib/samba for the winbindd_privileged directory
PS move to 3.1.x on CentOS7 with SAMBA 4.3 install - you can then use native winbind connections and avoid this ntlm_auth issue
FreeRADIUS will still need permission to access the winbind privileged pipe. It just talks to it directly rather than via ntlm_auth. Not sure there's any nice way to check and report if the permissions are correct, either; you need to know the location of the privileged pipe. It's possible to find out where it is[0], but I don't recall that libwbclient exposes that directly. Getting FreeRADIUS to write random things into winbind's unprivileged pipe to get the location is probably not the best idea. Maybe doing some other winbind info lookup that requires access to the priv pipe would be enough to warn what the problem is at FreeRADIUS start time. Cheers, Matthew [0] http://notes.asd.me.uk/2015/03/19/finding-the-winbind-privileged-pipe/ -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>