For anyone else who might have the same problem, it was resolved by the following cmd:

chgrp radiusd /var/cache/samba/winbindd_privileged/

original article: http://www.members.optushome.com.au/~wskwok/poptop_ads_howto_10.htm

Thanks to google and Alan for tipping me off.

Yes I am about to back up everything :P before resuming ldap.

On 4/24/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> radiusd -X -f: http://pastebin.ca/455497
>
> Alan, I have been trying to do my groundwork / homework is all, ie
> research before asking.
> It's simply a case of taking whatever support is available and not
> always being aware who the devs are. When nothing you have tried works
> try something you haven't. It's rare to be told, don't google, ask.
>
> Anyway, I apologize for getting testy, I should have said if there is
> a doc I should be reading paste the link, rather than have me google,
> find the incorrect one then be told the howto/document is incorrect.
>
> Now regarding your document Alan,
>
> Page 12 of 20
>
> "Make sure that the following lines are uncommented and that the value
> is the same as indicated here
>
> authtype = MS-CHAP"
>
> Is this the line in question
>
> "
> # An example configuration for using /etc/smbpasswd.
> #
> #passwd etc_smbpasswd {
> #       filename = /etc/smbpasswd
> #       format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
> #       authtype = MS-CHAP
> #       hashsize = 100
> #       ignorenislike = no
> #       allowmultiplekeys = no
> #}
> "
>
> I have checked through the tutorial again, all my config files were in
> order but ntlm_auth was failing for some reason, a reboot later and
> all was well again.
>
> Here is the output of my testing ntlm_auth, so you know I have the
> samba side working.
>
> "
> [EMAIL PROTECTED] ~]# net join -U Administrator
> Administrator's password:
> Using short domain name -- TFXSCHOOL
> Joined 'LOCALHOST' to realm 'TFXSCHOOL.INTERNAL'
> [EMAIL PROTECTED] ~]# wbinfo -a jacob%pass
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user jacob%pass with plaintext password
> challenge/response password authentication succeeded
> [EMAIL PROTECTED] ~]# ntlm_auth --request-nt-key --domain=tfxschool
> --username=jacob
> password:
> NT_STATUS_OK: Success (0x0)
> [EMAIL PROTECTED] ~]#
> "
>
> So that's samba checking passwords fine.
>
> I ask because it is not under the "# Microsoft CHAP authentication"
> section at all.
>
> I went through the whole log this time (sorry, bad habit of scrolling
> up for the last error then working on that 1 1st)
>
> "
> modcall: entering group MS-CHAP for request 6
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for jacob with NT-Password
> "
>
> ^ Does that mean it did not get sent the password, or simply that it
> didn't find User-Password so it's using the found NT-Password?
>
> And just below that (mem feels silly) I see:
> "
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=jacob
> --domain=TFXSCHOOL --challenge=a1a6b069c8d565ac
> --nt-response=abd3d6a8f9fdef0cf50b4ea12325cbaa9fbeccfd716c07ec
> Exec-Program output: winbind client not authorized to use
> winbindd_pam_auth_crap. Ensure permissions on
> /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
> Exec-Program-Wait: plaintext: winbind client not authorized to use
> winbindd_pam_auth_crap. Ensure permissions on
> /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 6
> modcall: leaving group MS-CHAP (returns reject) for request 6
> "
>
> Looking at resolving that issue right now.
>
> On 4/24/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Jacob Jarick wrote:
> > > Sorry to offend,
> > > But I have been seeing a lot of "Docs warn u of this etc" but seeing as
> > > there are so many conflicting documents seeing the generic reply when
> > > I have read / googled high and low is quite frustrating.
> >
> > The authors of the program you're using have told you what works and
> > what doesn't. You have a hard time believing them, because of some
> > random web page that isn't associated with the project.
> >
> > Is that really what you're saying?
> >
> > If your boss tells you to come in to work at 9am, do you show up at
> > noon, claiming confusion, because the 10 year old newspaper boy down the
> > street said you could show up at noon?
> >
> > Alan DeKok.
> > --
> > http://deployingradius.com - The web site of the book
> > http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
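
Added example, not part of the original thread or of the FreeRADIUS or Samba projects: the log above shows ntlm_auth, run by radiusd, being refused on /var/cache/samba/winbindd_privileged, and the chgrp fix grants access through the directory's owning group. The hypothetical helper check_winbind_priv below audits that state, confirming the service account gets in through the group while no other local account does. It assumes GNU stat and a root-owned directory, so owner access is not evaluated.

```shell
#!/bin/sh
# Added example: audit access to winbindd's privileged pipe directory.
# check_winbind_priv is a hypothetical helper name; requires GNU stat.
#
# Usage: check_winbind_priv DIR [USER]
#   USER defaults to the calling process (e.g. run it via su as radiusd).
#   Returns 0 when USER reaches DIR through DIR's owning group and no
#   account outside owner and group can; 1 on a permission problem;
#   2 on bad input. Owner access is not evaluated (assumed root-owned).
check_winbind_priv() {
    dir=$1
    user=${2:-}
    [ -d "$dir" ] || { echo "MISSING: $dir is not a directory"; return 2; }

    # Numeric gids sidestep name-resolution differences between hosts.
    gids=$(id -G ${user:+"$user"} 2>/dev/null) ||
        { echo "NOUSER: cannot resolve '$user'"; return 2; }
    mode=$(stat -c '%a' "$dir")
    dgid=$(stat -c '%g' "$dir")

    other=$(( mode % 10 ))          # permission digit for "other"
    group=$(( (mode / 10) % 10 ))   # permission digit for the owning group

    # Any "other" bit exposes the privileged pipe to every local user.
    if [ "$other" -ne 0 ]; then
        echo "LOOSE: $dir is mode $mode, open beyond owner and group"
        return 1
    fi
    # The group needs search (x) permission to reach the pipe inside.
    if [ $(( group & 1 )) -ne 1 ]; then
        echo "DENIED: group cannot traverse $dir (mode $mode)"
        return 1
    fi
    for g in $gids; do
        if [ "$g" -eq "$dgid" ]; then
            echo "OK: ${user:-current user} reaches $dir via gid $dgid"
            return 0
        fi
    done
    echo "DENIED: ${user:-current user} is not in gid $dgid, which owns $dir"
    return 1
}

# Example: check_winbind_priv /var/cache/samba/winbindd_privileged radiusd
```

A DENIED verdict for radiusd corresponds to the 0xc0000022 failure in the log; a LOOSE verdict means the directory has been opened further than the fix requires.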

