SRU Test Case [Provided by Craig Balfour]:

Install Software
----------------
apt-get install samba winbind krb5-user freeradius

Configure Kerberos
------------------

Edit /etc/krb5.conf:
[realms]

EXAMPLE.CO.ZA = {
        kdc = server1.example.co.za
        kdc = server2.example.co.za
        admin_server = server1.example.co.za
}

[domain_realm]
        .example.co.za = EXAMPLE.CO.ZA
        example.co.za = EXAMPLE.CO.ZA

Configure Samba
---------------

Edit /etc/samba/smb.conf:

workgroup = EXAMPLE
security = ads
realm = EXAMPLE.CO.ZA

Join Samba to Active Directory Domain
-------------------------------------

net join -U Administrator

service winbind restart
service smbd restart

Configure freeradius
--------------------

Edit /etc/freeradius/modules/mschap:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-EXAMPLE} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

addgroup freerad winbindd_priv

service freeradius restart

Install and Configure rad_eap_test
----------------------------------
apt-get install libssl-dev

Download http://hostap.epitest.fi/releases/wpa_supplicant-0.7.3.tar.gz
tar zxvof wpa_supplicant-0.7.3.tar.gz
cd wpa_supplicant-0.7.3/wpa_supplicant

Create .config:
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_LEAP=y
CONFIG_IEEE8021X=y

make eapol_test

Download http://wiki.eduroam.cz/rad_eap_test/rad_eap_test-0.23.tar.bz2
tar jxvof rad_eap_test-0.23.tar.bz2
cd rad_eap_test-0.23
cp ../wpa_supplicant-0.7.3/wpa_supplicant/eapol_test bin/

./rad_eap_test -H localhost -P 1812 -S testing123 -u fred -p password -m WPA-EAP -e PEAP

With the faulty version of Samba, the test returns:
access-reject; 1
With the fixed version of Samba, the test returns:
access-accept; 0

References:

1. http://deployingradius.com/documents/configuration/active_directory.html
2. http://marcel.bl2000.org/?p=242

** Changed in: samba (Ubuntu Lucid)
   Importance: Undecided => Low

** Changed in: samba (Ubuntu Maverick)
   Importance: Undecided => Low

** Changed in: samba (Ubuntu Lucid)
       Status: New => In Progress

** Changed in: samba (Ubuntu Maverick)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
https://bugs.launchpad.net/bugs/623342

Title:
  ntlm_auth returns invalid NT_KEY
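
Added example, not part of the bug report or of the Samba/FreeRADIUS packages: a shell sketch of two checks around the test case above. It confirms that the ntlm_auth setting in the mschap module file is one unfolded line with every option the test case lists, and maps the rad_eap_test output to the two outcomes given. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh

# Succeeds only if the ntlm_auth setting in mschap module file $1 sits on one
# line, ends with its closing quote and carries every option the test case uses.
check_ntlm_auth_line() {
    line=$(grep -E '^[[:space:]]*ntlm_auth[[:space:]]*=' "$1" | head -n 1 |
        sed 's/[[:space:]]*$//')
    [ -n "$line" ] || return 1
    case $line in
        *'"') ;;            # closing quote present on the same line
        *) return 1 ;;      # folded by a mail client or editor
    esac
    for opt in '--request-nt-key' '--username=%{' '--domain=%{' \
               '--challenge=%{' '--nt-response=%{'; do
        case $line in
            *"$opt"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Maps rad_eap_test output $1 to the outcomes listed in the test case:
# 0 = access-accept (fixed Samba), 1 = access-reject (faulty Samba), 2 = other.
classify_result() {
    case ${1%%;*} in
        access-accept) return 0 ;;
        access-reject) return 1 ;;
        *) return 2 ;;
    esac
}

# Constructed samples: an intact setting and one folded after "%{mschap".
write_samples() {
    printf '%s\n' 'ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-EXAMPLE} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"' > "$1/intact"
    printf '%s\n' 'ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap' \
        ':User-Name:-None} --domain=%{%{mschap:NT-Domain}:-EXAMPLE}' \
        '--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-' \
        'Response:-00}"' > "$1/folded"
}

# Self-check on the constructed samples when run with no arguments.
if [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d) && write_samples "$tmp"
    check_ntlm_auth_line "$tmp/intact" && echo "intact: ok"
    check_ntlm_auth_line "$tmp/folded" || echo "folded: rejected"
    rm -rf "$tmp"
fi
```

A folded setting is worth ruling out before blaming Samba, since it also ends in access-reject.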
