Beating a dead horse, or freeradius 2.1.1 and active directory
tnt at kalik.net
Thu Dec 4 03:10:09 CET 2008
>Rupert had mentioned in this thread that the switch is sending a PAP request and that it isn't being forwarded to the ntlm_auth module because of that, which makes sense I suppose. I am wondering though is there a way to configure the radius server to forward (or proxy) authentication requests to the KDC for authentication? I think what I'm doing is a little outside of the how-to that has been referenced.
>
..
> Module: Instantiating ntlm_auth
> exec ntlm_auth {
> wait = yes
> program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=SKYLIGHT --username=%{mschap:User-Name} --password=%{User-Password}"
> input_pairs = "request"
> shell_escape = yes
> }
..
>rad_recv: Access-Request packet from host <switch> port 1645, id=46, length=84
> User-Name = "rtest"
> User-Password = "<omitted>"
> NAS-Port = 2
> NAS-Port-Id = "tty2"
> NAS-Port-Type = Virtual
> Calling-Station-Id = "<omitted>"
> NAS-IP-Address = +- entering group authorize {...}
..
>[files] users: Matched entry rtest at line 1
>++[files] returns ok
..
>Found Auth-Type = Local
>WARNING: Please update your configuration, and remove 'Auth-Type = Local'
So, what happened to following the howto? Why is the user entry for rtest
setting Auth-Type Local and not ntlm_auth? There is nothing like that
mentioned in the instructions. Debug is also printing a clear warning
that that is wrong.
Ivan Kalik
Kalik Informatika ISP
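
A check for the situation described in the reply above, added here as an example and not part of the original thread or of FreeRADIUS: it maps the "Matched entry ... at line N" debug lines back to the users file and reports matched entries whose check items set an Auth-Type other than ntlm_auth. The sample users file and debug excerpt are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample users file (not from the thread). Check items sit on the
# entry line starting in column 0; indented lines are reply items.
SAMPLE_USERS = """\
rtest   Auth-Type := Local, Cleartext-Password := "example"
        Reply-Message = "hello"

# constructed comment line
DEFAULT Auth-Type = ntlm_auth
"""

# Constructed debug excerpt in the same format as the output quoted above.
SAMPLE_DEBUG = """\
[files] users: Matched entry rtest at line 1
++[files] returns ok
Found Auth-Type = Local
"""

AUTH_TYPE = re.compile(r'(?<![\w-])Auth-Type\s*(?::=|==|=)\s*"?([\w-]+)"?')
MATCHED = re.compile(r"users: Matched entry (\S+) at line (\d+)")

def forced_auth_types(users_text):
    """Map line number -> (entry name, Auth-Type set in its check items)."""
    found = {}
    for no, line in enumerate(users_text.splitlines(), start=1):
        if not line or line[0].isspace() or line.startswith("#"):
            continue  # blank line, reply-item continuation, or comment
        parts = line.split(None, 1)
        m = AUTH_TYPE.search(parts[1]) if len(parts) > 1 else None
        if m:
            found[no] = (parts[0], m.group(1))
    return found

def unexpected_auth_types(debug_text, users_text, expected="ntlm_auth"):
    """List (entry, line, Auth-Type) for matched entries not using `expected`."""
    forced = forced_auth_types(users_text)
    hits = []
    for name, line_no in MATCHED.findall(debug_text):
        entry = forced.get(int(line_no))
        if entry and entry[0] == name and entry[1] != expected:
            hits.append((name, int(line_no), entry[1]))
    return hits

if __name__ == "__main__":
    for name, line_no, auth in unexpected_auth_types(SAMPLE_DEBUG, SAMPLE_USERS):
        print(f"users line {line_no}: entry {name} sets Auth-Type {auth}")
```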