Re: freeradius and ntlm_auth howto


All,
I finally got it working, but not yet as i want.
The trick that made it work is settings auth-type := MSCHAPv2 for the user(s) and i also started radiusd as root(changed the rights without success to radiusd, but once everything is working i will try to run again with radiusd user)

If i connect my user(s)s with username@realm it works,
but if i use realm\userame the realm is found but no ntlm is used(and authentication fails).

Below you find an extract from the debug where you can see that the correct realm is found. Do i need some options?
(btw i need this to work because automatic logon to the wifi from windows xp with windows credentials is in this format)

modcall[authorize]: module "kmt-eu.kmtg.net" returns noop for request 69
    rlm_realm: Looking up realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"
    rlm_realm: Found realm "KMT-EU.KMTG.NET"
    rlm_realm: Adding Stripped-User-Name = "sstruyf"
    rlm_realm: Proxying request from user sstruyf to realm KMT-EU.KMTG.NET
    rlm_realm: Adding Realm = "KMT-EU.KMTG.NET"
    rlm_realm: Authentication realm is LOCAL.


Stieven Struyf
M.I.S. Division - System Operations
Komatsu Europe International NV
Mechelsesteenweg 586
B-1800 Vilvoorde
Stieven.Struyf@komatsu.eu
Tel. +32 (0)2 2552551

freeradius-users-bounces+stieven.struyf=komatsu.eu@lists.freeradius.org wrote on 10/26/2006 05:05:44 PM:

> Stieven.Struyf@komatsu.eu wrote:
> > I am trying to authenticate my wifi users via our AD. I'm finding bits and
> > pieces on the internet to configure things, but no completely usable
> > howto.
>
>   What's missing from any of the HOWTO's?  There's some on the Wiki,
> and one on my site.
>
> > Exec-Program-Wait: plaintext: winbind client not authorized to use
> > winbindd_pam_auth_crap.  Ensure permissions on
> > /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
>
>   You're running the server as non-root, and the programs it executes
> don't run as root, so they don't have permissions to read that
> directory.  Make the server run as root, or fix the permissions.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.