On 07/01/13 16:49, Khapare Joshi wrote:
> Hello
> I have been having the problem listed in this bug list:
> https://bugzilla.samba.org/show_bug.cgi?id=6563#c59
> I know at least a few universities having a similar issue that ended up
> restarting winbind - that resolved the issue. I am not sure which version
> of samba+winbind you are using?

We are on RHEL5 using samba3x-3.3.8-0.52.el5_5.2. Our domain is Windows
2008R2, domain functional level is 2008R2 native.

> Also, I am just thinking, is there a way to configure both kerberos
> (which works with TTLS with PAP) and EAP-PEAP with MSCHAPv2? If it is
> possible I can support both TTLS via kerberos and PEAP - MSCHAP with
> Active Directory (winbind and samba). This way I can continue to support
> older $$$client xp, win7 and for the rest that are supported I can enforce
> the use of TTLS-PAP with kerberos. It would be great if you could direct
> me down the right road.

Yes you can do this. I'm not sure what you're asking. You just configure
each component correctly and let it work.

This is only very slightly tricky because rlm_krb5 doesn't contain any
Auth-Type handling; you need to run krb5 if it's a PAP request, see
below. But you must already be doing this if you're using Kerberos, so
just... keep doing it.

sites-enabled/inner-tunnel:

    authorize {
        ...
        eap
        mschap
        pap
        ...
    }

    authenticate {
        Auth-Type PAP {
            krb5
        }
        Auth-Type MSCHAP {
            mschap
        }
        eap
    }

...then configure "eap {}" appropriately for TTLS and PEAP.
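
A way to check that an inner-tunnel file keeps the wiring shown in the message above (PAP handed to krb5, MSCHAP handed to mschap, eap present in both sections). This is an added example, not part of the original post and not FreeRADIUS code. The parser is a simplification that understands only brace blocks and bare module names, and the function names and REQUIRED table are assumptions made for illustration.

```python
# Constructed sample: the inner-tunnel layout from the message, elisions kept.
SAMPLE = """authorize {
    ...
    eap
    mschap
    pap
    ...
}
authenticate {
    Auth-Type PAP {
        krb5
    }
    Auth-Type MSCHAP {
        mschap
    }
    eap
}
"""
# Modules each block must call for TTLS-PAP via Kerberos and PEAP-MSCHAPv2.
REQUIRED = {"authorize": ["eap", "mschap", "pap"], "authenticate": ["eap"],
            "authenticate/Auth-Type PAP": ["krb5"],
            "authenticate/Auth-Type MSCHAP": ["mschap"]}

def parse_sections(text):
    """Map each block path (e.g. 'authenticate/Auth-Type PAP') to its entries."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line or line == "...":
            continue
        if line.endswith("{"):                # block opener: push its name
            stack.append(" ".join(line[:-1].split()))
            sections.setdefault("/".join(stack), [])
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:                                 # module reference or other entry
            sections.setdefault("/".join(stack), []).append(line)
    if stack:
        raise ValueError("unclosed block: " + stack[-1])
    return sections

def check_inner_tunnel(text):
    """Return a list of wiring problems; empty means the layout matches."""
    found, problems = parse_sections(text), []
    for path, mods in REQUIRED.items():
        if path not in found:
            problems.append(f"missing block: {path}")
        problems += [f"{path}: '{m}' not called"
                     for m in mods if m not in found.get(path, mods)]
    return problems
```

Running check_inner_tunnel() over the deployed sites-enabled/inner-tunnel text after each edit flags the case where the Auth-Type PAP block stops calling krb5, the one piece of wiring that rlm_krb5 does not set up by itself.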