Configuring FreeRADIUS to use ntlm_auth

tnt at kalik.co.yu tnt at kalik.co.yu
Fri Sep 14 17:12:33 CEST 2007


Radtest doesn't do MSCHAP. Use different client:

http://jradius.org/wiki/index.php/JRadiusSimulator

Ivan Kalik
Kalik Informatika ISP


Dana 14/9/2007, "charles at copel.com" <charles at copel.com> piše:

>Ok, Alan:
>
>Thanks ... It works ...
>
>Now I am trying to "Configuring my FreeRadius to use ntlm_auth for 
>MS-CHAP" to authenticate my NT users, ok ?
>
>After that I configure the radiusd.conf file with the necessary changes 
>(about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain 
>(by radtest) and the FreeRadius reject it.
>
>The output of my FreeRadius´s console:
>
>[root at FreeRADIUS /usr/local/etc/raddb]# radtest copel\charles password 
>localhost 0 testfreeradius
>Sending Access-Request of id 123 to 127.0.0.1 port 1812
>        User-Name = "copelcharles"
>        User-Password = "password"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 0
>rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=123, length=20
>
>The complete output of Radiusd -X:
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 127.0.0.1:52444, id=67, 
>length=64
>        User-Name = "copelcharles"
>        User-Password = "password"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 0
>    users: Matched entry DEFAULT at line 153
>  modcall[authorize]: module "files" returns ok for request 0
>rlm_pap: WARNING! No "known good" password found for the user. 
>Authentication may fail because of this.
>  modcall[authorize]: module "pap" returns noop for request 0
>modcall: leaving group authorize (returns ok) for request 0
>  rad_check_password:  Found Auth-Type System
>auth: type "System"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  modcall[authenticate]: module "unix" returns notfound for request 0
>modcall: leaving group authenticate (returns notfound) for request 0
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 67 to 127.0.0.1 port 52444
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 67 with timestamp 46ea9900
>Nothing to do.  Sleeping until we see a request.
>rad_recv: Access-Request packet from host 127.0.0.1:50643, id=123, 
>length=64
>        User-Name = "copelcharles"
>        User-Password = "password"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "chap" returns noop for request 1
>  modcall[authorize]: module "mschap" returns noop for request 1
>    rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 1
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 1
>    users: Matched entry DEFAULT at line 153
>  modcall[authorize]: module "files" returns ok for request 1
>rlm_pap: WARNING! No "known good" password found for the user. 
>Authentication may fail because of this.
>  modcall[authorize]: module "pap" returns noop for request 1
>modcall: leaving group authorize (returns ok) for request 1
>  rad_check_password:  Found Auth-Type System
>auth: type "System"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  modcall[authenticate]: module "unix" returns notfound for request 1
>modcall: leaving group authenticate (returns notfound) for request 1
>auth: Failed to validate the user.
>Delaying request 1 for 1 seconds
>Finished request 1
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 123 to 127.0.0.1 port 50643
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 1 ID 123 with timestamp 46ea9dec
>Nothing to do.  Sleeping until we see a request.
>
>My samba is ok , I get to authenticate this user by "ntlm_auth" command 
>line.
>
>Any Idea ?
>Thanks,
>Charles.
>
>
>
>
>
>Alan DeKok <aland at deployingradius.com>
>Enviado Por: freeradius-users-bounces at lists.freeradius.org
>14/09/2007 10:32
>Favor responder a FreeRadius users mailing list
>
> 
>        Para:   FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>        cc: 
>        cco:    Charles Alcantara Borba/COPEL
>        Assunto:        Re: Configuring FreeRADIUS to use ntlm_auth
>
>
>charles at copel.com wrote:
>> After I configure the users file with  "user          Auth-Type :=
>> ntlm_auth" (for testing purposes only), my FreeRadius don´t start and
>> show the followings errors:
>> 
>> /usr/local/etc/raddb/users[1]: Parse error (check) for entry user:
>> Unknown value ntlm_auth for attribute Auth-Type
>
>  You also have to list "ntlm_auth" in the "authenticate" section.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>




More information about the Freeradius-Users mailing list