I installed FreeRADIUS 3 on Debian 9. I can log in with a user from a text file in RADIUS, but I want to log in with a user from Active Directory.
First, I installed this library.
apt install samba winbind krb5-user krb5-config -y
Then I configured the realm like this.
Default Kerberos version 5 realm: XXX.EDU
Kerberos servers for your realm: ad.xxx.local
Administrative server for your Kerberos realm: ad.xxx.local
In the file /etc/samba/smb.conf, I put this code under the line workgroup = XXX
security = ADS
realm = XXX.EDU
encrypt passwords = yes
client use spnego = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config XXX:backend = ad
idmap config XXX:schema_mode = rfc2307
idmap config XXX:range = 10000-99999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
In the file /etc/krb5.conf:
[libdefaults]
default_realm = XXX.EDU
dns_lookup_realm = true
dns_lookup_kdc = false
forwardable = true
[realms]
XXX.EDU = {
kdc = ad.xxx.local
admin_server = ad.xxx.local
}
[domain_realm]
.xxx.local = XXX.EDU
xxx.local = XXX.EDU
After rebooting the server, I used this command.
net ads join -U Administrator
The join succeeded.
Joined 'XXX' to dns domain 'xxx.edu'
After that, I used this command to check the users, but it does not show anything.
wbinfo -u
I tested the user login with this command.
/usr/bin/ntlm_auth --domain=XXX --username=user_ad@xxx.edu --password=pass_user_ad
It shows an error like this. I'm sure I have the user user_ad@xxx.edu in AD, but the user is not found.
NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
If I change the domain like this:
/usr/bin/ntlm_auth --domain=XXX.EDU --username=user_ad@xxx.edu --password=pass_user_ad
It shows this error.
NT_STATUS_NO_MEMORY: Memory allocation error (0xc0000017)
How do I use Active Directory users with FreeRADIUS?