FreeRADIUS Multiple Disjoint AD Domains

Matthew Newton mcn4 at leicester.ac.uk
Mon May 22 13:37:25 CEST 2017


On Mon, May 22, 2017 at 01:27:53PM +0200, Arnab Roy wrote:
>    The problem seems to be ntlm_auth doesn't see that the winbindd
>    privileged pipe and winbindd socket is running in a custom directory.

IIRC ntlm_auth connects to winbindd using the /tmp/.winbindd/pipe
pipe, and then queries winbindd over that pipe what the location of
the priv pipe is.

So if you've got two winbindds both with /tmp/.winbindd/pipe, only
one of those is going to work.

Assuming the two copies of Samba were compiled with different
locations then it might work. I'd be inclined to strace all the
things and see what's really happening.

I'd expect that if you built Samba and installed in /opt/samba1/
and /opt/samba2/ and then ran /opt/samba1/ntlm_auth and
/opt/samba2/ntlm_auth that the locations would probably be
separate and all would be OK.

But running two copies of Samba on the same box is hardly a
standard setup, so you're likely to be on your own.

Or you could just proxy the RADIUS request to a separate VM with
another instance of Samba on it and save the unusual setup.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
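
An added example, not part of the original message: one way to read the strace output suggested above and see whether two ntlm_auth binaries end up on the same winbindd socket. It assumes each binary was traced with `strace -f -e trace=connect`; the sample traces and the privileged-pipe path are constructed placeholders.

```python
import re

# One connect() on a UNIX socket as strace prints it, e.g.
#   connect(3, {sa_family=AF_UNIX, sun_path="/tmp/.winbindd/pipe"}, 110) = 0
CONNECT_RE = re.compile(
    r'connect\(\d+, \{sa_family=AF_(?:UNIX|LOCAL), sun_path="([^"]+)"\}, \d+\)'
    r'\s*=\s*(-?\d+)'
)


def unix_connects(trace_text):
    """Return (socket path, succeeded) for each AF_UNIX connect() in a trace."""
    return [(path, ret == "0") for path, ret in CONNECT_RE.findall(trace_text)]


def shared_sockets(traces):
    """Map each socket path reached by more than one traced binary to those binaries."""
    users = {}
    for binary, text in traces.items():
        for path, ok in unix_connects(text):
            if ok:  # failed connects (ENOENT etc.) do not count as "in use"
                users.setdefault(path, set()).add(binary)
    return {path: sorted(b) for path, b in users.items() if len(b) > 1}


# Constructed sample traces (not captured from a real host). The privileged
# pipe path is a made-up placeholder; the other paths are the ones in the mail.
PRIV1 = "/opt/samba1/EXAMPLE/winbindd_privileged/pipe"
TRACES = {
    "/opt/samba1/ntlm_auth": (
        'connect(3, {sa_family=AF_UNIX, sun_path="/tmp/.winbindd/pipe"}, 110) = 0\n'
        f'connect(4, {{sa_family=AF_UNIX, sun_path="{PRIV1}"}}, 110) = 0\n'
    ),
    "/opt/samba2/ntlm_auth": (
        '[pid  4242] connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110)'
        ' = -1 ENOENT (No such file or directory)\n'
        '[pid  4242] connect(3, {sa_family=AF_UNIX, sun_path="/tmp/.winbindd/pipe"}, 110) = 0\n'
        f'[pid  4242] connect(4, {{sa_family=AF_UNIX, sun_path="{PRIV1}"}}, 110) = 0\n'
    ),
}

if __name__ == "__main__":
    for path, binaries in shared_sockets(TRACES).items():
        print(f"{path} is shared by: {', '.join(binaries)}")
```

Any path this reports means both binaries are talking to the same winbindd, so only one domain's requests can be answered correctly.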

