FreeRADIUS no longer authenticating domain clients following application of RHEL5 package updates yesterday morning

Matthew Newton mcn4 at leicester.ac.uk
Thu Apr 21 02:06:29 CEST 2016


On Wed, Apr 20, 2016 at 06:12:28PM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
> 
> /var/lib/samba for the winbindd_privileged directory
> 
> PS move to 3.1.x on CentOS7 with SAMBA 4.3 install - you can then use native winbind connections
> and avoid this ntlm_auth issue

FreeRADIUS will still need permission to access the winbind
privileged pipe. It just talks to it directly rather than via
ntlm_auth.

Not sure there's any nice way to check and report if the
permissions are correct, either; you need to know the location of
the privileged pipe. It's possible to find out where it is[0], but
I don't recall that libwbclient exposes that directly. Getting
FreeRADIUS to write random things into winbind's unprivileged pipe
to get the location is probably not the best idea.

Maybe doing some other winbind info lookup that requires access to
the priv pipe would be enough to warn what the problem is at
FreeRADIUS start time.

Cheers,

Matthew


[0] http://notes.asd.me.uk/2015/03/19/finding-the-winbind-privileged-pipe/

-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
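
The permission check discussed in the message above, as an added example (not part of the original post, and not FreeRADIUS or Samba code). It assumes the location is already known, defaulting to the `/var/lib/samba/winbindd_privileged` directory quoted above, that the socket inside it is named `pipe`, that the daemon account is `radiusd`, and that GNU `stat` is available.

```shell
#!/bin/sh
# Added example; check_wbpriv and check_wbpriv_user are hypothetical helpers.
# Assumes GNU stat and that the privileged socket is "pipe" inside DIR.
# Only owner/group/mode bits are examined; ACLs and SELinux are not.

# check_wbpriv DIR UID [GID...]
# Returns 0 = ok, 1 = DIR missing, 2 = account cannot enter DIR,
#         3 = DIR reachable but no socket named "pipe" inside it
check_wbpriv() {
    dir=$1
    uid=$2
    shift 2                                 # remaining arguments: numeric gids
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    mode=$(stat -c %a "$dir")               # octal mode, e.g. 750
    owner=$(stat -c %u "$dir")
    group=$(stat -c %g "$dir")
    shiftby=0                               # default: "other" permission bits
    for g in "$@"; do
        if [ "$g" = "$group" ]; then shiftby=3; fi   # group bits apply
    done
    if [ "$uid" = "$owner" ]; then shiftby=6; fi     # owner bits take precedence
    perm=$(( (0$mode >> $shiftby) & 7 ))
    if [ $(( perm & 1 )) -eq 0 ]; then      # search (x) bit is required
        echo "uid $uid cannot enter $dir (mode $mode, owner $owner, group $group)"
        return 2
    fi
    [ -S "$dir/pipe" ] || { echo "no socket at $dir/pipe"; return 3; }
    echo "ok: $dir/pipe reachable by uid $uid"
    return 0
}

# check_wbpriv_user USER [DIR]; run as root so the directory can be inspected.
check_wbpriv_user() {
    check_wbpriv "${2:-/var/lib/samba/winbindd_privileged}" \
        "$(id -u "$1")" $(id -G "$1")
}
```

Run `check_wbpriv_user radiusd` as root; a return code of 2 means the account's owner, group and mode bits do not let it enter the directory.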

