AW: AW: AW: Problem with ntlm_auth

Frederik.Niedernolte at Bertelsmann.de Frederik.Niedernolte at Bertelsmann.de
Thu Oct 9 14:57:56 CEST 2008


Is is possible to use only one freeRADIUS server (the just configured one) for a bunch of different domains
in my active directory network?
How?

F. Niedernolte


-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org [mailto:freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org] Im Auftrag von tnt at kalik.net
Gesendet: Donnerstag, 9. Oktober 2008 14:05
An: FreeRadius users mailing list
Betreff: Re: AW: AW: Problem with ntlm_auth

>OK, thanks.
>Now it works.
>Is this the way it should look right?
>

Yes. that's OK.

..
>[files] users: Matched entry DEFAULT at line 2
>++[files] returns ok

Entry setting Auth-Type.

..
>[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

That's because the password is not given to radius server but is checked
in AD.

>++[pap] returns noop
>Found Auth-Type = ntlm_auth

This was forced in users file.

>+- entering group authenticate {...}
>[ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=MyUser
>[ntlm_auth]     expand: --password=%{User-Password} -> --password=MyPassword
>Exec-Program output: NT_STATUS_OK: Success (0x0)
>Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
>Exec-Program: returned: 0
>++[ntlm_auth] returns ok

And user is authenticated in AD.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list