FreeRadius - Wifi - Active directory (Eap-Peap-MSCHAP)

Milka Net pierre at milkanet.be
Thu May 5 23:19:12 CEST 2016


Sorry about the "unreadable".... 

so, for the guide: all works ... 
and this "$ radtest -t mschap bob hello localhost 0 testing123    -->   OK" is working great, successfully:
My problem is when "the laptop" does send "domain\user   and pass" ... to the radius..... (again, user     pass works great)
Here is the freeradius -X output, with better layout and readability:

rad_recv: Access-Request packet from host 10.2.103.17 port 59985, id=177, length=173
        User-Name = "galaxy\\test"
        NAS-Identifier = "44d9e7fc21c1"
        NAS-Port = 0
        Called-Station-Id = "46-D9-E7-FD-21-C1:FreeRadius"
        Calling-Station-Id = "00-1E-65-22-14-C2"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11b"
        EAP-Message = 0x027300100167616c6178795c74657374
        Message-Authenticator = 0x3d46f71089cc7034c3a6636b891a17af
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[ntdomain] Looking up realm "galaxy" for User-Name = "galaxy\test"
[ntdomain] Found realm "GALAXY"
[ntdomain] Adding Stripped-User-Name = "test"
[ntdomain] Adding Realm = "GALAXY"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] = ok
[suffix] Request already proxied.  Ignoring.
++[suffix] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Request already proxied.  Ignoring.
++[suffix] = ok
[eap] EAP packet type response id 115 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 177 to 10.2.103.17 port 59985
        EAP-Message = 0x017400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf1d729faf1a330fa1233dbe164274a4f
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.

Again, sorry, it was my first post ... ;-) Thanks


> Subject: Re: FreeRadius - Wifi - Active directory  (Eap-Peap-MSCHAP)
> From: aland at deployingradius.com
> Date: Thu, 5 May 2016 17:14:13 -0400
> To: pierre at milkanet.be; freeradius-users at lists.freeradius.org
> 
> On May 5, 2016, at 5:07 PM, Milka Net <pierre_dejong at hotmail.com> wrote:
> > 
> > Hello,
> > I am trying to set a freeradius authentication against a MS Active directory for Wifi.
> 
>   Follow my guide:
> 
>   http://deployingradius.com/documents/configuration/active_directory.html
> 
> > all went right: 
> > - debian in AD
> > - net ads testjoin
> > - wbinfo -a test
> > - /usr/bin/ntlm_auth --request-nt-key --domain=DOM --username=u1 --password=thepassord
> > So basically: authenticating with an AD user is really fine.... even from a "windows 7" laptop is fine, AS LONG as I get prompted for the user/pass, and that I enter it in the form of USER/PASS
> > When I try to use the "automatic", so that it's the "laptop" that sends the credential, it does not work:   it does send it as: DOMAIN\\USER.
> > domain: galaxy.priv
> > user: test
> > here is the freeradius -X output.
> 
>   Which is mangled and unreadable.
> 
> > Would you guys have anything I could test?
> > Any advice would be welcome !
> 
>   Follow my guide, and it will work.
> 
>   Alan DeKok.
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
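
Added example, not part of the original posts: a small Python decoder for the two EAP-Message values in the debug output above, showing the outer identity the laptop actually sent and the EAP method the server started in its Access-Challenge. The function name parse_eap and the constant names are assumptions made for this illustration.

```python
import struct

# EAP codes and a few method types (RFC 3748; type 25 is PEAP).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}

def parse_eap(hex_attr):
    """Decode one EAP-Message value as printed in the debug output (0x...)."""
    raw = bytes.fromhex(hex_attr[2:] if hex_attr.lower().startswith("0x") else hex_attr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes minimum")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A RADIUS attribute holds at most 253 bytes, so long EAP packets are
        # split across several EAP-Message attributes; this handles one only.
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        pkt["type"] = TYPES.get(etype, etype)
        if etype == 1:
            # Outer identity: sent in the clear, before any TLS tunnel exists.
            ident_str = data.decode("utf-8", errors="replace")
            pkt["identity"] = ident_str
            if "\\" in ident_str:          # NT style: DOMAIN\user
                pkt["realm"], pkt["user"] = ident_str.split("\\", 1)
            elif "@" in ident_str:         # NAI style: user@realm
                pkt["user"], pkt["realm"] = ident_str.rsplit("@", 1)
        elif etype in (13, 21, 25) and data:
            flags = data[0]                # TLS-based methods: L / M / S bits
            pkt["flags"] = {"length_included": bool(flags & 0x80),
                            "more_fragments": bool(flags & 0x40),
                            "start": bool(flags & 0x20)}
    return pkt

# The two EAP-Message values copied from the debug output above.
EAP_IN_ACCESS_REQUEST = "0x027300100167616c6178795c74657374"
EAP_IN_ACCESS_CHALLENGE = "0x017400061920"

if __name__ == "__main__":
    for value in (EAP_IN_ACCESS_REQUEST, EAP_IN_ACCESS_CHALLENGE):
        print(parse_eap(value))
```

The identity on the wire contains a single backslash; the doubled one in the User-Name line is only how the debug output escapes it.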
 		 	   		  

