FreeRadius 2 -> 3.04 ntlm_auth not working

Fajar A. Nugraha list at fajar.net
Sun Aug 6 06:35:56 CEST 2017


On Sun, Aug 6, 2017 at 5:16 AM, Diggins Mike <diggins at mcmaster.ca> wrote:
> I built a new server using FreeRadius 3.0.4 (the one that comes with RHEL7) and attempted to port my FR v2 configuration but it's failing.
>

You should be able to easily build latest FR3 stable RPM from the source.

> The error (from radius -X) is:
>
> reading pairlist file /etc/raddb/mods-config/files/authorize
> /etc/raddb/mods-config/files/authorize[5]: Parse error (check) for entry DEFAULT: Unknown value 'ntlm_auth' for attribute 'Auth-Type'
> Failed reading /etc/raddb/mods-config/files/authorize
> /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

Did you read http://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto ?

>
> My /etc/raddb/mods-config/files/authorize contains only:
>
> # Begin
> DEFAULT         Auth-Type = ntlm_auth
> # end of user file
>

That shouldn't be needed.


> I added ntlm_auth to the authenticate sections in sites-enabled/default and sites-enabled/inner-tunnel.
>
> #       Auth-Type LDAP {
> #               ldap
> #       }
>
>         #
>         #  Allow EAP authentication.
>         eap
>

I don't remember this one off the top of my head, but IIRC you simply need
to have mods-enabled/eap and mods-enabled/mschap links.

>         # Allow NTLM_AUTH
>         ntlm_auth
>         #
>

Definitely don't do that.


> I've searched this error for the last hour but can't find anything that points to my problem.
>

Don't copy-paste FR2 config in FR3. Start with the default config, and
follow known-good recipes.

-- 
Fajar
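
The three points raised in the reply above (the forced `Auth-Type = ntlm_auth` check item, the bare `ntlm_auth` call in a virtual server, and the `eap` and `mschap` module links) can be checked mechanically before starting the server. The script below is an added example, not part of the original message or of FreeRADIUS itself; the function names and finding labels are hypothetical, and the sample tree is constructed to mirror the poster's edits.

```shell
#!/bin/sh
# Added example (not from the thread): lint a FreeRADIUS 3 raddb tree for FR2 leftovers.
# Function names and finding labels are hypothetical.

# Print one finding per line; return 1 if anything was found, 0 if the tree is clean.
check_raddb() {
    raddb=$1; rc=0
    # Uncommented "Auth-Type = ntlm_auth" check item (the parse error in the post).
    f="$raddb/mods-config/files/authorize"
    if [ -f "$f" ] && grep -Eq '^[^#]*Auth-Type[[:space:]]*:?=+[[:space:]]*ntlm_auth' "$f"; then
        echo "FORCED_AUTH_TYPE $f"; rc=1
    fi
    # Bare "ntlm_auth" module call in a virtual server ("Definitely don't do that").
    for site in "$raddb"/sites-enabled/*; do
        [ -f "$site" ] || continue
        if grep -Eq '^[[:space:]]*ntlm_auth[[:space:]]*$' "$site"; then
            echo "BARE_NTLM_AUTH $site"; rc=1
        fi
    done
    # The reply expects mods-enabled/eap and mods-enabled/mschap to exist.
    for mod in eap mschap; do
        if [ ! -e "$raddb/mods-enabled/$mod" ]; then
            echo "MISSING_MODULE $raddb/mods-enabled/$mod"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree reproducing the poster's FR2-style edits.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/mods-config/files" "$t/sites-enabled" "$t/mods-enabled"
    printf '# Begin\nDEFAULT         Auth-Type = ntlm_auth\n' \
        > "$t/mods-config/files/authorize"
    printf 'authenticate {\n        eap\n        # Allow NTLM_AUTH\n        ntlm_auth\n}\n' \
        > "$t/sites-enabled/default"
    : > "$t/mods-enabled/eap"     # mschap deliberately left out
    echo "$t"
}

tree=$(make_sample_tree)
check_raddb "$tree" || true
rm -rf "$tree"
```

On a real server, call `check_raddb /etc/raddb` (the path shown in the post) and resolve each finding before running the server in debug mode.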

