Freeradius 2.0 with Activedirectory Integration Failed
tnt at kalik.net
Tue Nov 11 09:01:35 CET 2008
>1. Added "user Auth-Type := ntlm_auth" to users file in
>/usr/local/etc/raddb
But your user is called test.
>2. Added "ntlm_auth" into authenticate of default and inner-tunnel of
>sites-enabled directory
>
>authenticate {
> ntlm_auth
>
> Auth-Type PAP {
> pap
> }
>..
>..
>..
>}
>
>3. Added into exec file in modules directory:
>"exec ntlm_auth {
> wait = yes
> program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key
>--domain=TEST --username=%{mschap:User-Name} --password=%{User-Password}"
> }"
>
>where domain is TEST
>
>4. I did not enable ntlm for mschap yet
>
>5. Ran radiusd -X and it had no errors, and I extracted some information:
>
>server inner-tunnel {
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Instantiating ntlm_auth
> exec ntlm_auth {
> wait = yes
> program = "/usr/bin/ntlm_auth ntlm_auth --request-nt-key
>--domain=TEST --username=%{mschap:User-Name} --password=%{User-Password}"
> input_pairs = "request"
> shell_escape = yes
> }
>
>6. I tried to do an SSH authentication with pam-radius and it was not
>successful...
>rad_recv: Access-Request packet from host 127.0.0.1 port 26805, id=72,
>length=86
> User-Name = "test"
> User-Password = "password"
> NAS-IP-Address = 127.0.0.1
> NAS-Identifier = "sshd"
> NAS-Port = 25780
> NAS-Port-Type = Virtual
> Service-Type = Authenticate-Only
> Calling-Station-Id = "10.0.0.151"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] No EAP-Message, not doing EAP
>++[eap] returns noop
>++[unix] returns notfound
>++[files] returns noop
No match in files. Fix users file entry.
Ivan Kalik
Kalik Informatika ISP
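
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of how the files module picks a users-file entry by its first token, showing why the posted line never applies to User-Name "test". It assumes first match wins (no Fall-Through) and only reads Auth-Type; the two corrected lines are assumed fixes, not taken from the thread.

```python
import re

# Constructed users-file snippets. POSTED is the line quoted in the thread;
# the FIXED_* variants are assumed corrections, not from the thread.
POSTED = 'user Auth-Type := ntlm_auth\n'
FIXED_NAMED = 'test Auth-Type := ntlm_auth\n'
FIXED_DEFAULT = '# applies to every request\nDEFAULT Auth-Type := ntlm_auth\n'

# attribute, operator, value (optionally double-quoted)
ITEM = re.compile(r'([\w-]+)\s*(:=|==|=)\s*"?([^",\s]+)"?')


def parse_users(text):
    """Return [(key, {attr: (op, value)})], one tuple per entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # blank line or comment
        if line[0] in ' \t':
            continue  # indented lines are reply items, not needed here
        parts = line.split(None, 1)
        key = parts[0]  # first token: the name to match, or DEFAULT
        rest = parts[1] if len(parts) > 1 else ''
        checks = {m[1]: (m[2], m[3]) for m in ITEM.finditer(rest)}
        entries.append((key, checks))
    return entries


def auth_type_for(users_text, user_name):
    """Auth-Type the first matching entry would set, or None when no
    entry matches (the '[files] returns noop' case in the debug log)."""
    for key, checks in parse_users(users_text):
        if key == 'DEFAULT' or key == user_name:
            _op, value = checks.get('Auth-Type', (None, None))
            return value
    return None


if __name__ == '__main__':
    for label, text in (('posted', POSTED),
                        ('fixed, named entry', FIXED_NAMED),
                        ('fixed, DEFAULT entry', FIXED_DEFAULT)):
        print(label, '->', auth_type_for(text, 'test'))
```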