Configuring FreeRADIUS to authenticate against AD
Martin Ubank
Martin.Ubank at uwe.ac.uk
Fri Oct 21 11:27:27 CEST 2011
Thanks Fajar.
'campus.ads.uwe.ac.uk' is a DNS alias to 6 AD servers and had been working previously.
I changed /etc/krb5.conf & /etc/samba/smb.conf to point to 1 of the 6 AD servers and 'net join ...' & 'wbinfo -a ...' now work. The commands also work with 2 other AD servers.
Why the DNS alias has stopped working is an issue to investigate later.
I will continue the FreeRadius deployment using a single AD server.
Thanks again for your help.
Martin.
-----Original Message-----
From: freeradius-users-bounces+martin.ubank=uwe.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+martin.ubank=uwe.ac.uk at lists.freeradius.org] On Behalf Of Fajar A. Nugraha
Sent: 21 October 2011 09:25
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to authenticate against AD
On Fri, Oct 21, 2011 at 3:10 PM, Martin Ubank <Martin.Ubank at uwe.ac.uk> wrote:
> I've been following the FreeRadius Deployment guide
> http://deployingradius.com/documents/configuration/active_directory.html
> I've edited /etc/krb5.conf, as follows:
> kdc = campus.ads.uwe.ac.uk
does this server exists and reachable?
> I've also edited /etc/samba/smb.conf (comments & blank lines excluded):
> realm = campus.ads.uwe.ac.uk
> password server = campus.ads.uwe.ac.uk
those two usually aren't the same. Are you sure you're using the
correct information? Does the server exists and reachable?
> I then run 'net join -U USERNAME' and get:
>
>
>
> Unable to find a suitable server for domain CAMPUS
>
> Unable to find a suitable server for domain CAMPUS
Basically you'd need to get samba to correctly join the domain. Don't
bother going further until this works. samba user list/forum might be
able to provide more help.
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list