Need help on Free Radius - can't authenticate for user domain.

Le Sang lmsangdl at yahoo.com
Thu Jul 31 09:41:27 CEST 2008


Hello Alan

You said: FreeRADIUS isn't used when a workstation joins a domain.  It's used when a workstation tries to get network access.
I agree with you, because FreeRADIUS will use Samba to contact AD to get or do anything with AD for the authentication process.

For your questions: Are you using wireless for network access?  Are you sure you understand what RADIUS does?

1/. I'm using wireless for network access. All wireless clients will access the network by being authenticated with AD. It means "domain auth" authentication (like a wired LAN).

2/. RADIUS will be used for authenticating domain users (this is my purpose).


Another thing: I found what you wrote in the email "Configuring FreeRADIUS to use ntlm_auth". The error is the same as my error, but my problem still happens. When I deleted the line "Auth-Type = System" in the users file in /etc/raddb, the authentication was unsuccessful.

Here are the messages that were shown on the screen:

rad_recv: Access-Request packet from host 192.168.200.100:32768, id=2, length=60
        User-Name = "RW"
        User-Password = "123456"
        Message-Authenticator = 0x22438b18ab167a3829d92517fa60c34d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "RW", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
  modcall[authorize]: module "files" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 2 to 192.168.200.100 port 32768
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 2 with timestamp 489168b5
Nothing to do.  Sleeping until we see a request.

Could you please help me check my configuration on the RAS server and give some
advice?

Thanks,
Sang Le


--- On Thu, 7/31/08, Alan DeKok <aland at deployingradius.com> wrote:
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: Need help on Free Radius - can't authenticate for user domain.
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Date: Thursday, July 31, 2008, 3:14 AM

Le Sang wrote:
> This is the first time I have configured FreeRADIUS to integrate with AD
> on Windows 2k3. After I finished installing and setting up FreeRADIUS, I
> can authenticate the domain user. But on a workstation that was joined
> to the domain I can't authenticate this user. On the screen, when I ran
> the command radiusd -X for debugging, radius showed: no EAP message, not
> doing EAP. I used ntlm_auth with Samba for authenticating the domain user.

  FreeRADIUS isn't used when a workstation joins a domain.  It's used
when a workstation tries to get network access.

  Are you using wireless for network access?  Are you sure you
understand what RADIUS does?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
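
Added example, not part of the original message and not FreeRADIUS code: a small Python script that reads the radiusd -X output quoted in the message and reports which credential attribute the request carried and which authorize modules returned noop or notfound before the "No authenticate method (Auth-Type)" reject. The names summarize and CREDENTIALS are assumptions of this example; the line formats are the ones in the log on this page.

```python
import re

# Excerpt of the radiusd -X output quoted in the message above.
DEBUG_LOG = '''\
rad_recv: Access-Request packet from host 192.168.200.100:32768, id=2, length=60
        User-Name = "RW"
        User-Password = "123456"
        Message-Authenticator = 0x22438b18ab167a3829d92517fa60c34d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
  modcall[authorize]: module "files" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
'''

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = (.+)$')
MODCALL = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
# Request attributes that carry the credential, mapped to the method they imply.
CREDENTIALS = {"User-Password": "PAP", "CHAP-Password": "CHAP",
               "MS-CHAP-Response": "MS-CHAP", "MS-CHAP2-Response": "MS-CHAPv2",
               "EAP-Message": "EAP"}

def summarize(log):
    """Summarise one request from radiusd -X output (line formats as above)."""
    attrs, modules, no_auth_type = {}, {}, False
    for line in log.splitlines():
        if m := MODCALL.search(line):
            modules[m.group(1)] = m.group(2)
        elif "No authenticate method (Auth-Type)" in line:
            no_auth_type = True
        elif m := ATTR.match(line):
            attrs[m.group(1)] = m.group(2).strip('"')
    methods = [v for k, v in CREDENTIALS.items() if k in attrs]
    # Modules that returned noop/notfound did nothing for this request.
    idle = [n for n, rc in modules.items() if rc in ("noop", "notfound")]
    return {"user": attrs.get("User-Name"), "methods": methods,
            "idle_modules": idle, "no_auth_type": no_auth_type}

if __name__ == "__main__":
    s = summarize(DEBUG_LOG)
    print(f"user={s['user']} credential={s['methods']} "
          f"idle={s['idle_modules']} no_auth_type={s['no_auth_type']}")
```

For the log above it reports a PAP request (User-Password) for which chap, mschap, suffix, eap and files all returned noop or notfound, so no module set an Auth-Type before the reject.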



      