Problems with Samba

L.P.H. van Belle belle at bazuin.nl
Fri May 28 15:18:53 CEST 2021 

I say samba settings.  

Verify if this is set in smb.conf. 
ntlm auth = mschapv2-and-ntlmv2-only 
And, if you have Samba-AD-DC's. that must be set in these also. 

Greetz, 

Louis 

> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users 
> [mailto:freeradius-users-bounces+belle=bazuin.nl at lists.freerad
ius.org] Namens Alan DeKok
> Verzonden: vrijdag 28 mei 2021 15:18
> Aan: FreeRadius users mailing list
> Onderwerp: Re: Problems with Samba
> 
> On May 28, 2021, at 8:44 AM, Klemen forneci <forneci at gmail.com> wrote:
> > I hope someone can shine a light on my problem with Freeradius 3 and
> > mschap (running on centos7 with samba/winbind)
> > So long story short, I notice that every ~5 minutes there 
> is a problem
> > with NTLM_AUTH. Even with testing with radtest -t mscahp at the same
> > time, I get:
> > ...
> > Child PID 5238 is taking too much time: forcing failure and 
> killing child.
> 
>   This isn't a FreeeRADIUS issue.
> 
>   Something is blocking the script, and it's not FreeRADIUS.  
> Fix whatever is blocking the script, and it will be fixed.
> 
> > I know this may not be a radius issue, beause of the fact that
> > in-between the system works as expected and the line: Child PID 5238
> > is taking too much time: forcing failure and killing child, 
> but I have
> > my hopes up someone can point me in the right direction.
> 
>   It could be just about anything.  Some other system 
> crashes, transient network issues, etc.
> 
> > On the backend there is a Windows AD, multiple DC (tried 
> setting only
> > 1 in samba, same issue), the server is domain joined.
> > I have multiple servers with the same issue (in the same 
> environment)
> 
>   Look at the Samba logs to see what's going on.  The 
> ntlm_auth program basically just calls Samba.  So if 
> ntlm_auth doesn't return... blame Samba.  And look at Samba 
> to see what's happening.
> 
> > What allso puzzles me, are the logs:
> > Server 1:
> > Fri May 28 14:35:27 2021 : ERROR: (59476) mschap_thor: ERROR: Failed
> > to read from child output
> > Fri May 28 14:35:31 2021 : ERROR: (59508) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:35:35 2021 : ERROR: (59534) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:40:03 2021 : ERROR: (60960) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:40:08 2021 : ERROR: (60993) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:40:12 2021 : ERROR: (61017) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:40:14 2021 : ERROR: (61030) mschap_loki: ERROR: Failed
> > to read from child output
> > Fri May 28 14:40:15 2021 : ERROR: (61040) mschap_loki: ERROR: Failed
> > to read from child output
> > 
> > Server 2:
> > Fri May 28 14:38:29 2021 : ERROR: (4) mschap_thor: ERROR: Failed to
> > read from child output
> > Fri May 28 14:38:44 2021 : ERROR: (5) mschap_thor: ERROR: Failed to
> > read from child output
> > 
> > It's like a blinker. One works, the other doesnt.
> 
>   It's Samba and/or AD and/or some local networking issue.
> 
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list