freeradius with Active Directory via winbind or MAC address access

Vieri rentorbuy at yahoo.com
Wed Nov 29 19:13:37 CET 2017


Figured it out.
I added an if (User-Name) condition in the authorize section.


I then had these messages:
(0) mschap: ERROR: Unable to contact winbind!
(0) mschap: Check that winbind is running and that FreeRADIUS has
(0) mschap: permission to connect to the winbind privileged socket.
(0) mschap: ERROR: MS-CHAP2-Response is incorrect


On my system I had to run:
# chgrp radius /var/lib/samba/winbindd_privileged 

Now my test is:

# radtest -t mschap user password 10.215.144.91 0 testrad
Sent Access-Request Id 3 from 0.0.0.0:35778 to 10.215.144.91:1812 length 132
User-Name = "user"
MS-CHAP-Password = "password"
NAS-IP-Address = 10.215.144.92
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
MS-CHAP-Challenge = 0xa6794b921c6c8fed
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000f85fcca7bc8a24d842c5e2c32463002aed3a47cdc049646e
Received Access-Accept Id 3 from 10.215.144.91:1812 to 0.0.0.0:0 length 84
MS-CHAP-MPPE-Keys = 0x00000000000000002c75db51e4d2e5194cb316c576310376
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed


Thanks,

Vieri
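
A check for the condition behind the "Unable to contact winbind!" error above, as an added example that is not part of the original post. The function name `check_winbind_priv` is hypothetical; it assumes GNU `stat` and that winbindd keeps its privileged directory at mode 0750, so only the owner and the owning group can reach the socket inside it.

```shell
#!/bin/sh
# Added example (not from the original post): audit who can reach the
# winbind privileged socket directory that the mschap module needs.
#
# Usage on the system from the post (path and group taken from the post):
#   check_winbind_priv /var/lib/samba/winbindd_privileged "$(id -G radius)"
#
# Return codes: 0 ok, 1 directory missing, 2 unexpected mode,
#               3 service account is not in the directory's group.
check_winbind_priv() {
    dir=$1    # privileged socket directory
    gids=$2   # space-separated numeric GIDs of the RADIUS service account

    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }

    mode=$(stat -c %a "$dir")   # octal permission bits, e.g. 750
    dgid=$(stat -c %g "$dir")   # numeric owning group of the directory

    # Assumption: winbindd expects rwxr-x--- here. Opening the directory
    # to "other" instead of fixing group access exposes the privileged
    # pipe to every local user.
    case "$mode" in
        750|?750) ;;
        *) echo "mode is $mode, expected 750"; return 2 ;;
    esac

    # The service account needs the owning group among its groups.
    for g in $gids; do
        if [ "$g" = "$dgid" ]; then
            echo "ok: gid $dgid can reach $dir"
            return 0
        fi
    done

    echo "service account is not in gid $dgid, which owns $dir"
    return 3
}
```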

