Freeradius Multiple Disjoint Ad Domains

Arnab Roy arnabroy at mail.com
Mon May 22 13:27:53 CEST 2017


   Hi,

   Before I begin I would like to apologise that this is not really a FR
   issue, but the Samba community has been less than helpful in responding,
   hence I am hoping that with the collective knowledge of this list I can
   get some pointers.

   We have a situation where we have 2 AD domains which are running as
   two completely separate AD domains, i.e. no trust. Because of political
   reasons they cannot establish a trust.

   I have been able to get multiple instances of winbindd running with
   separate smb.conf's and joined to the respective AD domains.

   The problem seems to be that ntlm_auth doesn't see that the winbindd
   privileged pipe and winbindd socket are running in a custom directory.

   I know what to do on the FR side.

   Just wondering if anyone has any experience with this kind of setup. Once
   I can get ntlm_auth to work I can then finish off the rest of the
   FR config. My SMB config looks as follows:

   Winbindd_A

   server string = Samba Server Domain A
   hosts allow = 127.
   log file = /var/log/samba/log-DOMAINA.%m
   log level = 3
   max log size = 50
   security = ads
   encrypt passwords = yes
   passdb backend = tdbsam
   load printers = no
   cups options = raw
   printcap name = /dev/null
   allow trusted domains = yes
   interfaces=172.21.8.250
   bind interfaces only = yes
   WORKGROUP=DOMAINA-NETWORKS
   REALM=DOMAINA-networks.com
   pid directory = /var/run/samba/DOMAINA-networks
   lock directory = /var/cache/samba/DOMAINA-networks
   private dir = /var/cache/samba/DOMAINA-networks
   winbindd socket directory = /var/cache/samba/DOMAINA-networks
   winbindd privileged socket directory = /var/cache/samba/DOMAINA-networks/winbindd_privileged
   smb passwd file = /var/cache/samba/DOMAINA-networks
   state directory = /var/cache/samba/DOMAINA-networks
   cache directory = /var/cache/samba/DOMAINA-networks
   usershare path = /var/cache/samba/DOMAINA-networks
   ntp signd socket directory = /var/cache/samba/DOMAINA-networks
   winbindd_B

   server string = Samba Server Domain B
   hosts allow = 127.
   log file = /var/log/samba/log-DOMAINB.%m
   log level = 3
   max log size = 50
   security = ads
   encrypt passwords = yes
   passdb backend = tdbsam
   load printers = no
   cups options = raw
   printcap name = /dev/null
   allow trusted domains = yes
   interfaces=172.21.8.250
   bind interfaces only = yes
   WORKGROUP=DOMAINB-NETWORKS
   REALM=DOMAINB-networks.com
   pid directory = /var/run/samba/DOMAINB-networks
   lock directory = /var/cache/samba/DOMAINB-networks
   private dir = /var/cache/samba/DOMAINB-networks
   winbindd socket directory = /var/cache/samba/DOMAINB-networks
   winbindd privileged socket directory = /var/cache/samba/DOMAINB-networks/winbindd_privileged
   smb passwd file = /var/cache/samba/DOMAINB-networks
   state directory = /var/cache/samba/DOMAINB-networks
   cache directory = /var/cache/samba/DOMAINB-networks
   usershare path = /var/cache/samba/DOMAINB-networks
   ntp signd socket directory = /var/cache/samba/DOMAINB-networks


   Any pointers would be extremely appreciated.
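Added example, not part of the original post: a small checker for the setup described above, where two winbindd instances must not share any socket, pid or tdb location. It parses smb.conf fragments the way Samba reads parameter names (case- and whitespace-insensitive) and reports every path-valued parameter that two instances have in common; the sample configs embedded in it are constructed and deliberately give instance B the socket directory of instance A.

```python
"""Check that smb.conf fragments for parallel winbindd instances use disjoint paths."""
import re

# Parameters whose values are filesystem locations; two winbindd instances
# sharing any of these would collide on sockets, pid files or tdb databases.
PATH_PARAMS = {
    "piddirectory", "lockdirectory", "privatedir", "winbinddsocketdirectory",
    "winbinddprivilegedsocketdirectory", "smbpasswdfile", "statedirectory",
    "cachedirectory", "usersharepath", "ntpsigndsocketdirectory", "logfile",
}

def norm_key(key: str) -> str:
    # Samba treats parameter names case-insensitively and ignores whitespace.
    return re.sub(r"\s+", "", key).lower()

def parse_smb_conf(text: str) -> dict:
    """Return {normalised parameter: value} for one smb.conf fragment."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[":   # skip blanks, comments, [section] headers
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[norm_key(key)] = value.strip()
    return params

def find_collisions(confs: dict) -> list:
    """Return (param, value, [instances]) for every path shared by 2+ instances."""
    seen = {}
    for name, text in confs.items():
        for key, value in parse_smb_conf(text).items():
            if key in PATH_PARAMS:
                seen.setdefault((key, value.rstrip("/")), []).append(name)
    return sorted((k, v, names) for (k, v), names in seen.items() if len(names) > 1)

# Constructed sample: instance B wrongly reuses A's winbindd socket directory.
SAMPLE = {
    "winbindd_A": """
        security = ads
        WORKGROUP=DOMAINA-NETWORKS
        pid directory = /var/run/samba/DOMAINA-networks
        winbindd socket directory = /var/cache/samba/DOMAINA-networks
        winbindd privileged socket directory = /var/cache/samba/DOMAINA-networks/winbindd_privileged
    """,
    "winbindd_B": """
        security = ads
        WORKGROUP=DOMAINB-NETWORKS
        pid directory = /var/run/samba/DOMAINB-networks
        winbindd socket directory = /var/cache/samba/DOMAINA-networks
        winbindd privileged socket directory = /var/cache/samba/DOMAINB-networks/winbindd_privileged
    """,
}

if __name__ == "__main__":
    for key, value, names in find_collisions(SAMPLE):
        print(f"collision: {key} = {value} shared by {', '.join(names)}")
```

Point it at the real per-instance smb.conf files before starting the second winbindd; an empty result means every path-valued parameter is distinct between instances.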

