ntlm_auth multiple domains
Hi,

I'm using ntlm_auth to authenticate users in freeradius. My samba server is joined to DOMAINA. When I run ntlm_auth --username=domainauser everything works great. When I run ntlm_auth --username=domainbuser it fails because the user does not exist in domaina which the server is joined to. If I run ntlm_auth --username=domainbuser --domain=domainb it works great. I was wanting to do ntlm_auth --domain=domaina --domain=domainb --username=domainbuser, it works only because the second domain variable is domainb. If I were to use a domainauser, it would fail.

Would setting up realms help? How can I tell freeradius to use ntlm_auth --domain=domaina on domaina users and ntlm_auth --domain=domainb on domainb users? Any ideas???

tia,
jamie

Jamie Crawford, MCSE RHCT
Network Analyst I
Information Services
Central Missouri State University
Warrensburg, MO 64093
Phone:6605434357
Email:[EMAIL PROTECTED]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ntlm_auth multiple domains
Jamie Crawford [EMAIL PROTECTED] wrote:
> When I run ntlm_auth --username=domainauser everything works great. When I run ntlm_auth --username=domainbuser it fails because the user does not exist in domaina which the server is joined to.

You need to point winbindd to a global catalog server, and then establish trust relationships between the GC and all of the domains.

> Would setting up realms help?

No. The limitation is due to Active Directory, not realms or FreeRADIUS.

Alan DeKok.

Re: ntlm_auth multiple domains
I'm trying to validate a user from two trusted NT4 domains. I cannot get ntlm_auth --username=domainb/domainbuser to work. How are you supposed to validate a user with domain credentials, when you can't pass along the domain information? I think it's more of a limitation with ntlm_auth than anything.

tia,
jamie

[EMAIL PROTECTED] 9/20/2005 11:45:49 AM
> Jamie Crawford [EMAIL PROTECTED] wrote:
> > When I run ntlm_auth --username=domainauser everything works great. When I run ntlm_auth --username=domainbuser it fails because the user does not exist in domaina which the server is joined to.
>
> You need to point winbindd to a global catalog server, and then establish trust relationships between the GC and all of the domains.
>
> > Would setting up realms help?
>
> No. The limitation is due to Active Directory, not realms or FreeRADIUS.
>
> Alan DeKok.

Re: ntlm_auth multiple domains
Jamie Crawford [EMAIL PROTECTED] wrote:
> I'm trying to validate a user from two trusted NT4 domains. I cannot get ntlm_auth --username=domainb/domainbuser to work. How are you supposed to validate a user with domain credentials, when you can't pass along the domain information? I think it's more of a limitation with ntlm_auth than anything.

Have you tried reading the configuration files? There are examples of passing domains to ntlm_auth.

Alan DeKok.

Re: ntlm_auth multiple domains
First, thanks for the help. I solved my own problem in my previous email and didn't realize it.

Second, this got it working.

Change radiusd.conf:

    /usr/bin/ntlm_auth --domain=%{realm} --request-nt-key --username=%{mschap:User-Name}

Add to proxy.conf:

    realm DOMAINA {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
    }
    realm DOMAINB {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
    }
    realm DOMAINC {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
    }

[EMAIL PROTECTED] 09/20/05 3:54 pm
> Jamie Crawford [EMAIL PROTECTED] wrote:
> > I'm trying to validate a user from two trusted NT4 domains. I cannot get ntlm_auth --username=domainb/domainbuser to work. How are you supposed to validate a user with domain credentials, when you can't pass along the domain information? I think it's more of a limitation with ntlm_auth than anything.
>
> Have you tried reading the configuration files? There are examples of passing domains to ntlm_auth.
>
> Alan DeKok.
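
The per-realm domain selection the thread arrives at, as an added example that is not part of the original posts or of FreeRADIUS: a Python helper that splits a supplied identity into domain and user, accepts only the realms listed in proxy.conf, and builds the ntlm_auth argument list without a shell. The function names, the accepted separators and the character limits are assumptions; the flags are the ones shown in the thread.

```python
import re

# Realms declared in proxy.conf in the thread; any other domain is rejected.
KNOWN_DOMAINS = {"DOMAINA", "DOMAINB", "DOMAINC"}
NTLM_AUTH = "/usr/bin/ntlm_auth"
# Conservative character sets (assumption, tighten or widen for your site).
_DOMAIN_RE = re.compile(r"[A-Za-z0-9._-]{1,15}")
_USER_RE = re.compile(r"[A-Za-z0-9._$-]{1,64}")


def split_identity(user_name):
    """Return (domain or None, user) for DOMAIN\\user, DOMAIN/user or user@DOMAIN."""
    for sep in ("\\", "/"):
        if sep in user_name:
            domain, user = user_name.split(sep, 1)
            return domain, user
    if "@" in user_name:
        user, domain = user_name.rsplit("@", 1)
        return domain, user
    return None, user_name


def build_ntlm_auth_argv(user_name):
    """Build an argv list (never a shell string); raise ValueError on bad input."""
    domain, user = split_identity(user_name)
    if not _USER_RE.fullmatch(user):
        raise ValueError("rejected user name")
    # Mirrors the command line in the thread; other arguments are not shown there.
    argv = [NTLM_AUTH, "--request-nt-key"]
    if domain is not None:
        if not _DOMAIN_RE.fullmatch(domain) or domain.upper() not in KNOWN_DOMAINS:
            raise ValueError("unknown domain")
        argv.append("--domain=" + domain.upper())
    # With no domain given, ntlm_auth falls back to the joined domain.
    argv.append("--username=" + user)
    return argv


if __name__ == "__main__":
    # Constructed sample identities, not taken from a real deployment.
    samples = ("DOMAINB\\domainbuser", "domainauser", "x@DOMAINC",
               "OTHER\\user", "DOMAINA\\user --extra")
    for sample in samples:
        try:
            print(sample, "->", build_ntlm_auth_argv(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```
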