AW: Problem with ntlm_auth

Frederik.Niedernolte at Bertelsmann.de Frederik.Niedernolte at Bertelsmann.de
Thu Oct 9 12:58:00 CEST 2008


OK, I have tested it with "radtest MyUser MyPassword localhost 0 testing123" and this is what the server gave back:

 

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92, length=58
        User-Name = "MyUser"
        User-Password = "MyPassword"
        NAS-IP-Address = IP.OF.THE.SERVER
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "MyUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> MyUser
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 92 to 127.0.0.1 port 32793
Waking up in 4.9 seconds.
Cleaning up request 0 ID 92 with timestamp +3710
Ready to process requests.

 

Now what should I do?
Thanks in advance.

 

From: freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org [mailto:freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org] On Behalf Of Syed Anwarul Hasan
Sent: Thursday, 9 October 2008 12:12
To: FreeRadius users mailing list
Subject: Re: Problem with ntlm_auth

 

Hi,
You can use the radtest tool to check with the Server. The Server will return accept-accept message.
Other tools include JRadius Simulator, as IVAN told, but I have not used it.
Otherwise, if you have a native PEAP or TTLS client, you can send MSCHAP requests to use ntlm_auth with an Active Directory or LDAP server backend (if you have one).

SYED



On Thu, Oct 9, 2008 at 11:54 AM, <Frederik.Niedernolte at bertelsmann.de> wrote:

Thanks, now it works :)

 

Now the last step: How can I test it? What tool/program etc. can/should I use to test it?

"The radclient cannot currently be used to send this request, unfortunately, which makes testing a little difficult. If everything goes well, you should see the server returning an Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept> message as above."

 

Kind regards

Frederik Niedernolte
-------------------------------------------------------
arvato services
An der Autobahn
33310 Gütersloh
Germany
http://www.arvato-services.de
frederik.niedernolte at bertelsmann.de
Tel.:      +49 (0)5241 80-40554

arvato services GmbH: Registered office Gütersloh | Gütersloh Local Court HRB 3826 | Managing directors Ralf Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard Südmersen

 

From: freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org [mailto:freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org] On Behalf Of Syed Anwarul Hasan
Sent: Thursday, 9 October 2008 11:44
To: FreeRadius users mailing list
Subject: Re: Problem with ntlm_auth

 

Hi Frederik,

1) Put User entry on TOP of users file.
2) In default file, in authenticate section, add ntlm_auth. Don't set using Auth-Type.
3) Also in Sites-enabled/inner-tunnel which is Virtual Server Inner Tunnel. Add ntlm_auth in Authenticate Section.

I hope it will solve your problem.
SYED



On Thu, Oct 9, 2008 at 11:17 AM, <Frederik.Niedernolte at bertelsmann.de> wrote:

I have finished all steps till "user     Auth-Type := ntlm_auth" from http://deployingradius.com/documents/configuration/active_directory.html.

With this command I get this error message at the end of "/usr/sbin/freeradius -X":

 

/etc/freeradius/users[1]: Parse error (check) for entry MyUser: Unknown value ntlm_auth for attribute Auth-Type
Errors reading /etc/freeradius/users
/etc/freeradius/modules/files[7]: Instantiation failed for module "files"
/etc/freeradius/sites-enabled/inner-tunnel[111]: Failed to find module "files".
/etc/freeradius/sites-enabled/inner-tunnel[34]: Errors parsing authorize section.
 }
}
Errors initializing modules

 

The authenticate section in the /etc/freeradius/sites-enabled/default looks like this (only important part):

 

authenticate {
#
#  NTML_AUTH authentication.
Auth-Type ntlm_auth {
       ntlm_auth
}

 

What is wrong and what can I do to solve the problem?

Thanks in advance.

Best regards, F. Niedernolte


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
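
Added example, not part of the original thread: a small parser for the `freeradius -X` debug format quoted above, listing each module's return code per group and flagging a reject caused by the "No authenticate method (Auth-Type)" condition. The function name `summarize` and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample, abridged from the debug output quoted in this thread.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92, length=58
        User-Name = "MyUser"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[files] returns noop
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 92 to 127.0.0.1 port 32793
"""

GROUP = re.compile(r"^\++- entering group (\S+)")
RESULT = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
NO_AUTH_TYPE = "No authenticate method (Auth-Type) configuration found"

def summarize(debug_text):
    """Collect module return codes per group and the reason for a reject."""
    groups, current, missing = {}, None, False
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = GROUP.match(line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
            continue
        m = RESULT.match(line)
        if m and current:
            groups[current].append((m.group(1), m.group(2)))
        elif line.startswith(NO_AUTH_TYPE):
            missing = True
    # "noop"/"notfound" mean the module did nothing for this request.
    acted = [n for n, rc in groups.get("authorize", []) if rc in ("ok", "updated")]
    return {"groups": groups, "authorize_acted": acted,
            "missing_auth_type": missing,
            "rejected": "Sending Access-Reject" in debug_text}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("authorize modules that acted:", report["authorize_acted"])
    print("rejected for missing Auth-Type:", report["missing_auth_type"])
```
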

 

