Authenticating against Active Directory using winbind

Alan Buxey alan.buxey at gmail.com
Tue Sep 11 13:50:44 CEST 2018


hi,

check the permissions of the winbindd_privileged directory - might have
been changed when samba patched.  (ideally you add radiusd to the winbind
group)

alan

On Tue, 11 Sep 2018 at 12:42, Christoffer Jönsson <chrjsn at imap.cc> wrote:

> Hello! I used this guide a year ago to enable 802.1x on my switches and
> APs and it worked without any problems to authenticate to my Samba4 AD/DC:
>
> https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind.
>
> Today I am having trouble getting it to work because it won't accept the
> password when running this command or connecting from switches:
>
> "radtest -t mschap adtest Password1 127.0.0.1 0 testing123". And winbind
> returns this result:
>
> "NTLM CRAP authentication for user [auth.chrjsn.se]\[adtest] returned
> NT_STATUS_WRONG_PASSWORD".
>
> But running this command, it authenticates with this result:
>
> ntlm_auth --username=adtest --domain=auth.chrjsn.se
> Password:
> NT_STATUS_OK: Success (0x0):
>
> "Plain-text authentication for user AUTH.CHRJSN.SE\adtest returned
> NT_STATUS_OK (PAM: 0)"
>
> Radiusd reports that password has expired, when it has not. I have reset
> the password for adtest and administrator with same results.
>
> I don't know if there's any new settings or something and I'm really
> stuck here.
>
> It also doesn't matter which version of samba/freeradius I'm using.
>
> Thanks!


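The permission check suggested in the reply, written out as an added example that is not part of the original message. It assumes GNU `stat`; the directory path is passed as an argument (on many installs it is `/var/lib/samba/winbindd_privileged`, which is an assumption, not a value from the thread), and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit whether a service account (radiusd in the thread) can
# reach winbindd's privileged pipe directory through group permissions.
# Requires GNU stat (-c). Paths and function names are assumptions.

# group_has_rx DIR: succeed if the directory's group bits include r and x.
group_has_rx() {
    mode=$(stat -c '%a' "$1") || return 2
    # Leading 0 makes the shell parse the mode as octal; keep the group triplet.
    [ $(( (0$mode >> 3) & 5 )) -eq 5 ]
}

# user_in_group USER GID: succeed if USER's group list contains numeric GID.
user_in_group() {
    for g in $(id -G "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# check_winbind_access DIR USER: print one finding; return 0 if access is
# possible via the directory's group, 1 on a permission problem, 2 if missing.
check_winbind_access() {
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "MISSING: $dir"; return 2; }
    gid=$(stat -c '%g' "$dir")
    gname=$(stat -c '%G' "$dir")
    if ! group_has_rx "$dir"; then
        echo "FAIL: $dir mode $(stat -c '%a' "$dir") gives group $gname no r-x"
        return 1
    fi
    if ! user_in_group "$user" "$gid"; then
        echo "FAIL: $user is not in group $gname (gid $gid)"
        return 1
    fi
    echo "OK: $user can traverse $dir via group $gname"
}

# Stand-alone use: sh thisfile.sh DIR [USER]
if [ "$#" -ge 1 ]; then
    check_winbind_access "$1" "${2:-radiusd}"
fi
```

If the membership check fails, `usermod -a -G <group> radiusd` with the group name the script prints, followed by a restart of radiusd, applies the fix the reply describes.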