Manualshelf

Developers guide

ManualsBrandsRed Hat ManualsComputer equipmentNETWORK 4.1.0 -
31323334353637383940
Chapter 5
Copyright © 2008-2013 Inverse inc.
Configuration 32
Note that for Debian and Ubuntu you will probably have this error:
# kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
# Join to domain is not valid: Invalid credentials
Finally, start winbind, and test the setup using ntlm_auth and radtest:
# service winbind start
# chkconfig --level 345 winbind on
For Centos/RHEL:
# usermod -a -G wbpriv pf
For Debian and Ubuntu:
# chgrp pf /var/run/samba/winbindd_privileged/
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
testing123
Sending Access-Request of id 108 to 127.0.0.1 port 18120
User-Name = "myDomainUser"
NAS-IP-Address = 10.0.0.1
NAS-Port = 12
Message-Authenticator = 0x00000000000000000000000000000000
MS-CHAP-Challenge = 0x79d62c9da4e55104
MS-CHAP-Response =
0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
length=20
Option 3: Local Authentication
Add your user’s entries at the end of the /usr/local/pf/raddb/users file with the following format:
username Cleartext-Password := "password"
Option 4: Authentication against OpenLDAP
To be contributed...
Tests
Test your setup with radtest using the following command and make sure you get an Access-Accept
answer: