Error in Free Radius Integration with AD Server

owais ahmad owaisahmed19 at gmail.com
Wed Jan 28 06:53:39 CET 2015


---------- Forwarded message ----------
From:  <owaisahmed19 at gmail.com>
Date: Tuesday, January 27, 2015
Subject: Error in Free Radius Integration with AD Server
To: owaisahmed19 at gmail.com


Hello,
This is regarding an error in FreeRADIUS authentication with an AD server.
A brief outline of the environment is as follows:
FreeRADIUS 2.1.12 is installed on RHEL 6.5. The AD server is installed on
Windows 2008 R2. Samba 3 has been used to integrate Linux with Windows.

Commands which work fine:
1. wbinfo -a username%password
2. ntlm_auth --request-nt-key --domain=ITBATEST.COM --username=owais --password=welcome at 123
3. wbinfo -g
4. wbinfo -u

When I start my RADIUS server in debug mode and run the following command:

radtest owais welcome at 123 localhost 0 testing123

I am getting an error.

Sending Access-Request of id 164 to 127.0.0.1 port 1812
        User-Name = "owais"
        User-Password = "welcome at 123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=164, length=20


Radiusd -X output is as below:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 57549, id=164, length=75
        User-Name = "owais"
        User-Password = "welcome at 123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x9c76aaf83e1ff8534b0d8a83ac0f1fd3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
[ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=owais
[ntlm_auth]     expand: --password=%{User-Password} -> --password=welcome at 123
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "owais", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> owais
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.8 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 164 to 127.0.0.1 port 57549
Waking up in 4.9 seconds.
Cleaning up request 0 ID 164 with timestamp +5
Ready to process requests.


Would appreciate your help.








-- 
Regards,
Owais
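
The trace in this message prints User-Password and the expanded ntlm_auth command line in clear text, and ends with the "No authenticate method (Auth-Type)" rejection. The following is an added example, not part of the original post or of FreeRADIUS: it redacts such a trace before it is shared and summarizes each group's module return codes. The sample trace is constructed in the post's format, and the names `redact` and `triage` are hypothetical.

```python
import re

# Constructed sample: a shortened radiusd -X trace in the format shown in the
# post, with a placeholder password instead of a real one.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 57549, id=164, length=75
        User-Name = "owais"
        User-Password = "example password"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
[ntlm_auth]     expand: --password=%{User-Password} -> --password=example password
++[ntlm_auth] returns ok
++[mschap] returns noop
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 164 to 127.0.0.1 port 57549
"""

MODULE_RE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")  # ++[pap] returns noop
GROUP_RE = re.compile(r"^\+- entering group (\S+)")        # +- entering group authorize
SECRET_RES = [
    re.compile(r'(User-Password = ")[^"]*(")'),
    # Expanded command line: skip the %{...} template, blank the rest of the line.
    re.compile(r"(--password=)(?!%\{).*()"),
]

def redact(line):
    """Replace clear-text password values in one debug line."""
    for rx in SECRET_RES:
        line = rx.sub(r"\1<redacted>\2", line)
    return line

def triage(trace):
    """Return (module results per group, findings, redacted trace)."""
    groups, current, findings, clean = {}, None, [], []
    for line in trace.splitlines():
        clean.append(redact(line))
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = []
        elif (m := MODULE_RE.match(line)) and current:
            groups[current].append((m.group(1), m.group(2)))
        elif "No authenticate method (Auth-Type)" in line:
            findings.append("rejected: no Auth-Type was set during authorize")
    return groups, findings, "\n".join(clean)
```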

