Deploying FreeRadius against Active Directory

Mathieu Simon (Lists) matsimon.lists at simweb.ch
Fri Mar 1 07:43:50 CET 2019


Hi

Am 28.02.2019 um 23:12 schrieb Daniel Wruck:
> I am plodding along as I set up FreeRadius against Active Directory on a newly installed Ubuntu 18.04 LTS box.
> 
> My finding is that documentation is sparse or outdated. So I am stuck in winbind somewhere.
> 
> Here in https://github.com/FreeRADIUS/freeradius-server/issues/1880, at the bottom, @alendekok tell the user to "Follow the guide at http://deployingradius.com/documents/configuration/active_directory.html". Is this guide still relevant in the Ubuntu 18.04 > FreeRadius v3.0.16 > Samba 4.7.6 days? This guide talks about parameters that do not exist in Samba's out-of-the-box smb.conf anymore? Is there a more relevant guide to FreeRadius 3.0.x integration with  AD LDAP?
The guide should still work as is, nothing has dramatically changed that
I could spot. Unless wbinfo and ntlm_auth from Samba do work as
indicated there, you likely will have to debug Samba and the domain join
on the Samba side before looking more closely into FreeRADIUS.

The mentioned options on Alan's page may not be defined in the default
configuration shipped by your particular Ubuntu version, however all
mentioned options have been and are still present in smb.conf(5) manpage
for your particular release.*

Nonetheless this should still work as Alan usually takes care
deployingradius.com.

However sometimes it can be helpful to twist your head around a topic by
reading it from another source. Google-ing for FreeRADIUS and AD also
leads to the FreeRADIUs wiki:

https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind#other-active-directory-authentication-methods

Note: Nowadays you shouldn't need to compile Samba since your versions
should support the more performant method over libwbclient as-is.

TL;DR: Try to identify where you are running into issues - is it Samba
or FreeRADIUS at first?

Regards
Mathieu

* http://manpages.ubuntu.com/manpages/bionic/man5/smb.conf.5.html


More information about the Freeradius-Users mailing list