[ Wolfgang Schweer, 2020-10-23 ] > [ Mike Gabriel, 2020-10-23 ] > > 3. Samba / Winbind and Radius / MSCHAP > > ====================================== > > > > Another aspect, why having a usable Samba in Debian Edu is the option to > > install a freeradius server on the Debian Edu main server and support > > MSCHAPv2 authenation with that. The setup I use at my customers proxies the > > authentication requests for MSCHAPv2 over to the winbind service and this > > requires ntPassword hashes being available to winbind. > > > > This should basically continue to work with your setup, but I'd prefer > > having those password hashes stored in LDAP (and also being used from > > there). I can confirm that PEAP-MSCHAPv2 does work; only change required is to use workgroup = TJENER (instead of SKOLELINUX) in the site-specific smb.conf override file - but that should be set as default anyway for the non-domain Samba setup. Please note: due to the lack of a real hardware / real world test environment, the freeradius test has been done running 'radtest -t mschap <username> <userpassword> localhost 10 test123' on the main server. IIRC from years ago at school, this test should be sufficient. Of course it would be preferable if you would succeed keeping Samba in LDAP. Wolfgang
Attachment:
signature.asc
Description: PGP signature