need help authenticating against AD

tnt at kalik.net
Thu Nov 19 23:30:50 CET 2009


> I need some help authenticating against AD. I have followed directions
> online as best as I can, but things still aren't working as expected.

These:

http://deployingradius.com/documents/configuration/active_directory.html

> I'm
> ultimately hoping to have our VPN users and admins logging into Cisco
> network equipment authenticate against AD through our FreeRADIUS 2
> installation. Today, I have been testing authentication from one of Cisco
> switches, and I continually receive this basic output:

You are not authenticating against AD. You are authenticating against
the local system file:
...
> Thu Nov 19 16:17:34 2009 : Info: ++[unix] returns updated
...
> Thu Nov 19 16:17:34 2009 : Info: [pap] login attempt with password "xxxx"
> Thu Nov 19 16:17:34 2009 : Info: [pap] Using CRYPT encryption.
> Thu Nov 19 16:17:34 2009 : Info: [pap] Passwords don't match

... and the password isn't correct.

> I can't tell from this output if the RADIUS server is ever even attempting
> to reach AD.

It isn't.

> Obviously, if I enter the correct password for my username on
> the RADIUS server itself, authentication will succeed, but this is not the
> desired behavior at this time.

Comment out unix in authorize then. If you follow the guide, this will work
with Auth-Type := ntlm_auth in the users file.

Ivan Kalik
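
The change described in the reply above, written out as a configuration sketch. This is an added example, not part of the original message or of the FreeRADIUS distribution: the file locations assume the stock FreeRADIUS 2 raddb layout, and /path/to/ntlm_auth and MYDOMAIN are placeholders to replace with local values.

```text
# raddb/modules/ntlm_auth
# An instance of the exec module that hands the PAP password to Samba's
# ntlm_auth helper, which validates it against the domain controller.
exec ntlm_auth {
        wait = yes
        program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# raddb/sites-enabled/default (excerpt, other modules omitted)
authorize {
        preprocess
        # unix
        #   Commented out. While enabled, it supplies the crypt hash of
        #   the local account, and pap then compares against that hash,
        #   which is the "[pap] Using CRYPT encryption." line in the
        #   debug output quoted above.
        files
        pap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        # Listing the instance here makes Auth-Type ntlm_auth resolvable.
        ntlm_auth
}

# raddb/users
# Force every request that reaches this entry to be checked by ntlm_auth.
DEFAULT Auth-Type := ntlm_auth
```

This only covers requests that carry User-Password (PAP), as the switch login in the quoted log does. After restarting in debug mode, the ntlm_auth module should appear in the authenticate phase instead of the [pap] CRYPT comparison.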



