Freeradius Multiple Disjoint Ad Domains

Arnab Roy arnabroy at
Mon May 22 13:54:30 CEST 2017

   Hi Herwin,

   Thanks your response. Yes I have been using the --configfile option and
   it looks like it ignores the options for the socket dir and priv dir
   directives in the config file. Creating additional VM's isnt under my
   control unfortunately and it sounds like a huge waste of resource to me

   Any chance I can simply recompile the NTLM auth binary and specify a
   different winbind sockets ?

   I know again this should be a question the guys at Samba should be
   responding but nobody responds their ..

   Many Thanks

   Sent: Monday, May 22, 2017 at 12:41 PM
   From: "Herwin Weststrate" <herwin at>
   To: freeradius-users at
   Subject: Re: Freeradius Multiple Disjoint Ad Domains
   On 22-05-17 13:27, Arnab Roy wrote:
   > I have been able to get multiple instances of winbindd running with
   > separate smb.conf's and joined to the respective AD domains.
   > The problem seems to be ntlm_auth doesnt see that the winbindd
   > privileged pipe and winbindd socket is running in a custom directory.
   Have you tried this argument for ntlm_auth?
   --configfile=<configuration file>
   The file specified contains the configuration details
   required by the server. The information in this file includes
   server-specific information such as what printcap file to use, as well
   descriptions of all the services that the server is to
   provide. See smb.conf for more information. The default configuration
   file name is determined at compile time.
   And another solution: is it possible to create two VMs for the samba
   servers, both running a freeradius instance. The current freeradius
   instance could act as a proxy (assuming you could select the correct
   radius server based on a realm).
   Herwin Weststrate
   List info/subscribe/unsubscribe? See



More information about the Freeradius-Users mailing list