[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: RE: freeRADIUS+samba3.0.1+AD(multiple domains)
From: Hangjun He <elmerhe () yahoo ! com ! cn>
Date: 2008-02-29 3:12:28
Message-ID: 338347.95496.qm () web15103 ! mail ! cnb ! yahoo ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Great news!
We are using krb5-1.3.2 and samba-3.0.1. These 2 version support multiple domains?
Can you give me some example about how to configure krb5.conf and smb.comf?
Thanks.
John
Joe Vieira <jvieira@clarku.edu> дµÀ£º
> > But there are multiple domains in active-directory. How to configure
> > freeRADIUS or samba can let it support multiple domains?
> FreeRADIUS just used Samba to do authentication with AD. The winbind
> && ntlm_auth API used in Samba cannot authenticate to multiple domains.
that's not entirely true, you can (and i do) get samba to auth to multiple domains. \
the domains either need to be in the same forest,and or have full trusts back and \
forth. (i also found that adding them each to your kerberos config helps)
basically you join to one of them and you should be able to enumerate all the users \
from both thru winbind or getent...
Joe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------
ÑÅ»¢ÓÊÏä´«µÝÐ Äê×£¸££¬¸öÐԺؿ¨ËÍÇ×Åó£¡
[Attachment #5 (text/html)]
<div>Great news!</div> <div> </div> <div>We are using krb5-1.3.2 and \
samba-3.0.1. These 2 version support multiple domains?</div> <div>Can you give me \
some example about how to configure krb5.conf and smb.comf?</div> <div> </div> \
<div>Thanks.</div> <div>John</div> <div><BR><BR><B><I>Joe Vieira \
<jvieira@clarku.edu></I></B> дµÀ£º</div> <BLOCKQUOTE class=replbq \
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px \
solid"><BR>>> But there are multiple domains in active-directory. How to \
configure<BR>>> freeRADIUS or samba can let it support multiple \
domains?<BR><BR>> FreeRADIUS just used Samba to do authentication with AD. The \
winbind<BR>>&& ntlm_auth API used in Samba cannot authenticate to multiple \
domains.<BR><BR>that's not entirely true, you can (and i do) get samba to auth to \
multiple domains. the domains either need to be in the same forest,and or have full \
trusts back and forth. (i also found that adding them each to your kerberos config \
helps)<BR><BR>basically you join to one of them and you should be able to enumerate \
all the users from both thru winbind or getent...<BR><BR>Joe<BR><BR>-<BR>List \
info/subscribe/unsubscribe? See \
http://www.freeradius.org/list/users.html<BR></BLOCKQUOTE><BR><p> 
<hr size=1><a href="http://cn.mail.yahoo.com/gc/index.html?entry=5&souce=mail_mailletter_tagline">ÑÅ»¢ÓÊÏä´«µÝÐ \
Äê×£¸££¬¸öÐԺؿ¨ËÍÇ×Åó£¡</a>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic