Re: [Packetfence-users] Configuring radius with active directory

Wed, 07 Dec 2011 05:11:37 -0800 

Yes the workgroup has an impact.  If you do a testparm, what it tells you?

On 11-12-07 4:02 AM, Morris, Andi wrote:
I see, well in our case I have the two set the same, should this affect anything? Samba is not telling me that the workgroup is wrong. 

Cheers,
Andi

*From:*Francois Gaudreault [mailto:fgaudrea...@inverse.ca]
*Sent:* 06 December 2011 16:57
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [Packetfence-users] Configuring radius with active directory
The realm is not the same as the workgoup. The realm refers to the one configured in krb5.conf, and the workgroup is the netbios name of the domain. Samba should tell you if the workgroup is wrong in the error message. 


On 11-12-06 11:40 AM, Morris, Andi wrote:

No difference after editing the smb.conf as suggested.

Out of interest, should the realm and the workgroup be the same?

*From:*Francois Gaudreault [mailto:fgaudrea...@inverse.ca]
*Sent:* 06 December 2011 16:14
*To:* packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> *Subject:* Re: [Packetfence-users] Configuring radius with active directory 

Ok two things:
1. Do a kinit first.  (ie. kinit myuser), that should work.  Is it?
2. Use only the smb.conf from the guide, remove every other configs from the smb.conf. Basically, copy and paste the configuration from the guide, and change your workgroup, ip and realm attributes. 

Let me know if it works better.

On 11-12-06 10:50 AM, Morris, Andi wrote:

Ok cheers, here they are with domain names and IP addresses edited.

Krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log <FILE:///%5C%5C%5C%5Cvar%5Clog%5Ckrb5libs.log>
kdc = FILE:/var/log/krb5kdc.log <FILE:///%5C%5C%5C%5Cvar%5Clog%5Ckrb5kdc.log>
admin_server = FILE:/var/log/kadmind.log <FILE:///%5C%5C%5C%5Cvar%5Clog%5Ckadmind.log> 

[libdefaults]

default_realm = MYDOMAIN.CO.UK

dns_lookup_realm = false

dns_lookup_kdc = false

ticket_lifetime = 24h

renew_lifetime = 7d

forwardable = true

[realms]

  MYDOMAIN.CO.UK = {

  kdc = activedirectoryservername:88

  admin_server = activedirectoryservername:749

  default_domain = mydomain.co.uk

}

[domain_realm]

mydomain.co.uk = MYDOMAIN.CO.UK

mydomain.co.uk = MYDOMAIN.CO.UK

[appdefaults]

pam = {

   debug = false

   ticket_lifetime = 36000

   renew_lifetime = 36000

   forwardable = true

   krb4_convert = false

}
Smb.conf (leaving out any commented lines, I added the global config as per the admin guide, the others are there by default): 

[global]

workgroup = MYDOMAIN.CO.UK

        server string = pfence01

        interfaces = 1.2.3.4/24    (Packetfence management IP address)

        security = ADS

        passdb backend = tdbsam

        realm = MYDOMAIN.CO.UK

        encrypt passwords = yes

        winbind use default domain = yes

        client NTLMv2 auth = yes

        preferred master = no

        load printers = no

        cups options = raw

        idmap uid = 10000-45000

        idmap gid = 10000-45000

        log level = 1 winbind:5 auth:3

        log file = /var/log/samba/log.%m

        max log size = 50

        security = user

        passdb backend = tdbsam

        load printers = yes

        cups options = raw

[homes]

        comment = Home Directories

        browseable = no

        writable = yes

[printers]

        comment = All Printers

        path = /var/spool/samba

        browseable = no

        guest ok = no

        writable = no

        printable = yes

*From:*Francois Gaudreault [mailto:fgaudrea...@inverse.ca]
*Sent:* 06 December 2011 15:33
*To:* packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> *Subject:* Re: [Packetfence-users] Configuring radius with active directory 

Hi,

Can you post your krb5.conf and your smb.conf?  Otherwise we are blind...

On 11-12-06 6:52 AM, Morris, Andi wrote:
I'm trying to setup radius to authenticate clients with my active directory database so that I can utilise the 802.1x on the switches. However I've got to the section where I need to add my server to the domain after configuring samba and it is failing. I don't know whether it's related or not, but since doing this I can also no longer use the web interface for the server. 

The failure message I get when trying to add the server to the domain is:

Host is not configured as a member server.

Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain. 

Can anyone shed some light on this please?

Cheers,

Andi

------------------------------------------------------------------------
>From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. *Please could you ensure that all of your contact records and databases are updated to reflect this change.* Further information can be found on the website here. <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
------------------------------------------------------------------------------ 
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________ 
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net  
<mailto:Packetfence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users






--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  <mailto:fgaudrea...@inverse.ca>   ::  +1.514.447.4918 (x130) 
::www.inverse.ca  <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu  <http://www.sogo.nu>) and 
PacketFence (www.packetfence.org  <http://www.packetfence.org>)
------------------------------------------------------------------------------ 
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________ 
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net  
<mailto:Packetfence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  <mailto:fgaudrea...@inverse.ca>   ::  +1.514.447.4918 (x130) 
::www.inverse.ca  <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu  <http://www.sogo.nu>) and 
PacketFence (www.packetfence.org  <http://www.packetfence.org>)
------------------------------------------------------------------------------ 
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________ 
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net  
<mailto:Packetfence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  <mailto:fgaudrea...@inverse.ca>   ::  +1.514.447.4918 (x130) 
::www.inverse.ca  <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu  <http://www.sogo.nu>) and 
PacketFence (www.packetfence.org  <http://www.packetfence.org>)


------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/


_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to