FreeRADIUS Active Directory Integration

A.L.M.Buxey at lboro.ac.uk
Fri May 15 12:22:47 CEST 2009


hi,

you still have ntlm_auth in your authorise section...that's wrong.
take ntlm_auth out of there.

edit modules/mschap and uncomment the ntlm_auth line (and configure
anything else you need such as MPPE) and then ensure that
mschap is called in the virtual server (sites-enabled/default)
and inner-tunnel (if using EAP) in the authenticate section.


the default config as supplied by FreeRADIUS *WORKS* - I can
vouch for that having started on many greenfield sites with a
bare new FreeRADIUS server and getting packets auth'd with just
a few config changes for the required purpose.

I think you might be getting confused with the 'authorize'
terminology.  the server first checks to see if the user-name
is authorised to connect (i.e. has the 'rights' to connect from
a NAS, at a certain time etc etc), this stops it having to
check the password first - a waste of auth server time! -
the server then checks the authentication (i.e. is the password
correct?) if the user is allowed to connect.  after this,
the post-auth and accounting is done.

remember, if using EAP, the server will read eap.conf and
by default will then use the inner-tunnel virtual server -
so if using EAP you have THOSE auth/auth/acct sections to
deal with too!

alan
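
An added example, not part of the original message or of FreeRADIUS itself: a small Python check for the two mistakes described above, `ntlm_auth` listed in `authorize` and `mschap` not called in `authenticate`. The two site-file samples and the function names are constructed for illustration; when using EAP, the same check applies to the inner-tunnel virtual server.

```python
SECTIONS = ("authorize", "authenticate")

# Constructed sample of a misconfigured sites-enabled/default.
BROKEN = """
authorize {
    preprocess
    ntlm_auth   # wrong place: checking the password is not authorisation
    mschap
}
authenticate {
    eap
}
"""

# Constructed sample with ntlm_auth removed and mschap called in authenticate.
FIXED = """
authorize {
    preprocess
    mschap
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
"""

def section_modules(text):
    """Map 'authorize'/'authenticate' to the module names listed inside them."""
    found, stack = {s: [] for s in SECTIONS}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("}"):                 # close a block ("} else {" too)
            if stack:
                stack.pop()
            line = line[1:].strip()
        if line.endswith("{"):                   # open a block, e.g. "server x {"
            stack.append(line[:-1].strip())
        elif line:                               # a module or statement line
            current = next((s for s in stack if s in SECTIONS), None)
            if current:
                found[current].append(line.split()[0])
    return found

def lint(text):
    """Return one finding per mistake described in the message."""
    mods, findings = section_modules(text), []
    if "ntlm_auth" in mods["authorize"]:
        findings.append("ntlm_auth is listed in authorize; take it out")
    if "mschap" not in mods["authenticate"]:
        findings.append("mschap is not called in authenticate")
    return findings
```
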


