[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PEAP-MSCHAPv2 Radius auth against bullseye TJENER

[ Mike Gabriel, 2022-01-19 ]
> I am currently setting up a FreeRADIUS on TJENER (bullseye) and find that
> the Debian Edu documentation (esp. the Debian Edu 11 release announcement)
> states that PEAP-MSCHAPv2 is supported by the FreeRADIUS setup script.
> @Wolfgang: do you have a PEAP-MSCHAPv2 setup running?

atm no (missing resources). at the time I added the script, things 
worked justfine, using the edu cert on my phone as well.

> For testing purposes, I have set ntlm_auth = yes in smb.conf.

that isn't the way to go, use the provided config:

> When using ntlm_auth to authenticate against smbd on TJENER I always get
> ```
> $ ntlm_auth --username=gabmik --domain=SGM
> Password:
> NT_STATUS_NO_SUCH_USER: The specified account does not exist. (0xc0000064)

as of bullseye, PDC with 'domain' is gone, fake domain is tjener
use 'smbclient -L tjener' (as user gabmik).
> I understand that Samba user information for the standalone server is now
> stored locally on TJENER (and password changes are managed via hook calls to
> smbpasswd).
> Any idea how to track this down further?

'man pdbedit' is your friend, eg

pdbedit -L -v -u gabmik


Attachment: signature.asc
Description: PGP signature

Reply to: