Freeradius Multiple Disjoint Ad Domains

Matthew Newton mcn4 at
Mon May 22 13:37:25 CEST 2017

On Mon, May 22, 2017 at 01:27:53PM +0200, Arnab Roy wrote:
>    The problem seems to be ntlm_auth doesnt see that the winbindd
>    privileged pipe and winbindd socket is running in a custom directory.

IIRC ntlm_auth connects to winbindd using the /tmp/.winbindd/pipe
pipe, and then queries winbindd over that pipe what the location of
the priv pipe is.

So if you've got two winbindds both with /tmp/.winbindd/pipe, only
one of those is going to work.

Assuming the two copies of Samba were compiled with different
locations then it might work. I'd be inclined to strace all the
things and see what's really happening.

I'd expect that if you built Samba and installed in /opt/samba1/
and /opt/samba2/ and then ran /opt/samba1/ntlm_auth and
/opt/samba2/ntlm_auth that the locations would probably be
separate and all would be OK.

But running two copies of Samba on the same box is hardly a
standard setup, so you're likely to be on your own.

Or you could just proxy the RADIUS request to a separate VM with
another instance of Samba on it and save the unusual setup.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list