Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password

2006-03-29 Thread James J J Hooper 



--On Wednesday, March 29, 2006 15:47:15 +0200 Konne [EMAIL PROTECTED] 
wrote:



hi

my problem is following:

Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X
--username=USER --challenge=921647d950709696
--nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2
Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap.  Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc022)
Exec-Program-Wait: plaintext: winbind client not authorized to use
winbindd_pam_auth_crap.  Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc022)


change the permissions on /var/cache/samba/winbindd_privileged so that the 
user radius runs as has access to it.


e.g:
chgrp radiusd /var/cache/samba/winbindd_privileged
chmod g+rw /var/cache/samba/winbindd_privileged

Regards,
  James

--
James J J Hooper,
Information Services
University of Bristol
--
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password

2006-03-29 Thread Alan DeKok 
Konne [EMAIL PROTECTED] wrote:
 i searched on the web but i found nothing. someone has an idea?

  READ the debug output you posted to the list:

 Exec-Program-Wait: plaintext: winbind client not authorized to use 
 winbindd_pam_auth_crap.  Ensure permissions on 
 /var/cache/samba/winbindd_privileged are set correctly. (0xc022)

  Maybe that text would be relevant... but you have to READ IT.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password

2006-03-29 Thread Konne 

Hi,

thx... now its running... :-)
but i dont know if this error is something special. or isnt it  an error?
its that log ok?


modcall: group authorize returns updated for request 6
 rad_check_password:  Found Auth-Type EAP
auth: type EAP
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/mschapv2
 rlm_eap: processing type mschapv2
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
*  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
 rlm_mschap: No User-Password configured.  Cannot create NT-Password.*
 rlm_mschap: Told to do MS-CHAPv2 for Lehrer with NT-Password
radius_xlat: Running registered xlat function of module mschap for 
string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for 
string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for 
string 'Challenge'

mschap2: cb
radius_xlat: Running registered xlat function of module mschap for 
string 'NT-Response'




if i like to distinguish admin vlan and user-vlan, how i can do it. i 
have no idea.

has someone any idea?

thx konne



J
ames J J Hooper schrieb:




--On Wednesday, March 29, 2006 15:47:15 +0200 Konne 
[EMAIL PROTECTED] wrote:



hi

my problem is following:

Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X
--username=USER --challenge=921647d950709696
--nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2
Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap.  Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc022)
Exec-Program-Wait: plaintext: winbind client not authorized to use
winbindd_pam_auth_crap.  Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc022)



change the permissions on /var/cache/samba/winbindd_privileged so that 
the user radius runs as has access to it.


e.g:
chgrp radiusd /var/cache/samba/winbindd_privileged
chmod g+rw /var/cache/samba/winbindd_privileged

Regards,
  James

--
James J J Hooper,
Information Services
University of Bristol
--
- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html