authentication against active directory does not work

Kevin Smith Kevin.Smith at emp.shentel.com
Fri Sep 19 22:07:39 CEST 2008


Have you verified that Samba was joined to your domain successfully
using wbinfo -t?  You should see "checking the trust secret via RPC
calls succeeded".

If that is successful try:

[root at ras ~]# ntlm_auth --username your_user --password users_password \
    --domain your_ad_domain --request-nt-key

Should see: NT_STATUS_OK: Success (0x0)

If the two steps above aren't successful you will need to correct those
issues first before proceeding.

In the mschap module my ntlm_auth configuration is as follows:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Good luck.


-----Original Message-----
From: freeradius-users-bounces+kevin.smith=emp.shentel.com at lists.freeradius.org
[mailto:freeradius-users-bounces+kevin.smith=emp.shentel.com at lists.freeradius.org]
On Behalf Of tnt at kalik.net
Sent: Friday, September 19, 2008 3:40 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: autentication against active directory does not work

>I have already read the documentation at
>http://deployingradius.com/documents/configuration/active_directory.html
>

Read it again.

>my freeradius debug is pasted at 
>
>http://pastebin.ca/1206001
>

1. You are using an outdated version of the server which has a default
entry in the users file setting Auth-Type System if all else fails. Upgrade
or at least comment that out since you have removed "unix" from the
configuration.

2. Read the obvious WARNING in the debug and fix that.

3. You have configured AD integration (ntlm_auth) in the mschap module. And
then sent a PAP request. No wonder it's not working. Send mschap requests.

Ivan Kalik
Kalik Informatika ISP
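
The two checks from Kevin's reply, wrapped in a script that stops at the first failure. This is an added example, not part of the original thread; the function names trust_ok, ntlm_ok and preflight are hypothetical, while wbinfo and ntlm_auth are the Samba tools named above.

```shell
#!/bin/sh
# Added example: preflight checks to run before debugging the FreeRADIUS
# mschap module. Function names are hypothetical.

# Succeeds when `wbinfo -t` output reports that the trust secret check passed.
# Matched loosely because newer Samba inserts "for domain X" into the message.
trust_ok() {
    case "$1" in
        *"checking the trust secret"*succeeded*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when ntlm_auth output reports NT_STATUS_OK.
ntlm_ok() {
    case "$1" in
        *"NT_STATUS_OK"*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight USER PASSWORD DOMAIN
# Returns 0 if both checks pass, 1 if the domain join is broken,
# 2 if the join is fine but the user cannot be authenticated.
preflight() {
    out=$(wbinfo -t 2>&1) || true
    if ! trust_ok "$out"; then
        echo "FAIL domain join (wbinfo -t): $out" >&2
        return 1
    fi
    out=$(ntlm_auth --username "$1" --password "$2" \
                    --domain "$3" --request-nt-key 2>&1) || true
    if ! ntlm_ok "$out"; then
        echo "FAIL ntlm_auth: $out" >&2
        return 2
    fi
    echo "OK: domain join and ntlm_auth both succeed"
}

# Usage (as root on the RADIUS host):
#   preflight your_user users_password your_ad_domain
```

The password is passed on the command line and is visible in the process list while ntlm_auth runs, so use a test account for this check.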
