[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS

Wolfgang Schweer gitlab at salsa.debian.org
Tue Oct 27 17:23:23 GMT 2020 


Wolfgang Schweer pushed to branch master at Debian Edu / debian-edu-config


Commits:
f09c15a1 by Wolfgang Schweer at 2020-10-27T18:21:13+01:00
Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS

Add 'netbios name = tjener' in etc/samba/smb-debian-edu.conf (the value will be
used as domain name).

Add ntlm auth stanza to share/debian-edu-config/smb.conf.edu-site (FreeRADIUS case
restricted setting 'ntlm auth = mschapv2-and-ntlmv2-only').

Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>

- - - - -


3 changed files:

- debian/changelog
- etc/samba/smb-debian-edu.conf
- share/debian-edu-config/smb.conf.edu-site


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+debian-edu-config (2.11.34) UNRELEASED; urgency=medium
+
+  * Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS:
+    - Add 'netbios name = tjener' in etc/samba/smb-debian-edu.conf (the value
+      will be used as domain name).
+    - Add ntlm auth stanza to share/debian-edu-config/smb.conf.edu-site (case
+      restricted setting 'ntlm auth = mschapv2-and-ntlmv2-only').
+
+ -- Wolfgang Schweer <wschweer at arcor.de>  Tue, 27 Oct 2020 16:28:48 +0100
+
 debian-edu-config (2.11.33) unstable; urgency=medium
 
   [ Wolfgang Schweer ]


=====================================
etc/samba/smb-debian-edu.conf
=====================================
@@ -3,7 +3,8 @@
 # based upon the default smb.conf file for the Bullseye release.
 
 # Wolfgang Schweer <wschweer at arcor.de>
-# Last edited: 2020-10-21
+# First edited: 2020-10-21
+# Last edited: 2020-10-27
 
 # NOTE: Don't edit this file. If you want to change settings, copy
 # /usr/share/debian-edu-config/smb.conf.edu-site to the /etc/samba dir.
@@ -58,6 +59,7 @@
 
 # Change this to the workgroup/NT-domain name your Samba server will part of
    workgroup = SKOLELINUX
+   netbios name = tjener
 
 #### Networking ####
 


=====================================
share/debian-edu-config/smb.conf.edu-site
=====================================
@@ -13,6 +13,13 @@
 # The template file needs to be generated, see 'man net' for details.
 ;   usershare template share = template
 
+# Uncomment the next entry for Freeradius 3 to accept PEAP-MSCHAPv2; the file
+# /etc/freeradius/3.0/mods-available/mschap needs this long line:
+# ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2 --domain=TJENER --request-nt-key \
+# --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} \
+# --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
+;   ntlm auth = mschapv2-and-ntlmv2-only
+
 [homes]
 # Uncomment if home directories should be writable.
 ;   writable = yes



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/f09c15a193b6e9e5bc5301b0d519cf602f95f708

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/f09c15a193b6e9e5bc5301b0d519cf602f95f708
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20201027/0a3ad91f/attachment-0001.html>

More information about the debian-edu-commits mailing list