Authenticating against Active Directory using winbind
alan.buxey at gmail.com
Tue Sep 11 13:50:44 CEST 2018
check the permissions of the winbindd_privileged directory - might have
been changed when samba patched. (ideally you add radiusd to the winbind
On Tue, 11 Sep 2018 at 12:42, Christoffer Jönsson <chrjsn at imap.cc> wrote:
> Hello! I used this guide a year ago to enable 802.1x on my switches and
> APs and it worked without any problems to authenticate to my Samba4 AD/DC:
> Today I am having trouble getting it to work because it wont accept the
> password when running this command or connecting from switches:
> "radtest -t mschap adtest Password1 127.0.0.1 0 testing123". And winbind
> returns this result:
> "NTLM CRAP authentication for user [auth.chrjsn.se]\[adtest] returned
> But running this command, it authenticates with this result:
> ntlm_auth --username=adtest --domain=auth.chrjsn.se
> NT_STATUS_OK: Success (0x0):
> "Plain-text authentication for user AUTH.CHRJSN.SE\adtest returned
> NT_STATUS_OK (PAM: 0)"
> Radiusd reports that password has expired, when it has not. I have reset
> the password for adtest and administrator with same results.
> I don't know if there's any new settings or something and I'm really
> stuck here.
> It also doesn't matter which version of samba/freeradius I'm using.
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users