MSCHAP No logon servers are currently available
Alan DeKok
aland at deployingradius.com
Thu Aug 12 14:46:02 CEST 2021
On Aug 12, 2021, at 5:49 AM, L.P.H. van Belle via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Please read :
> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
> This one is at the moment the only page with the complete info you need..
> (for this error)
>
> @Alan,
> These pages are not fully correct.
> http://deployingradius.com/documents/configuration/active_directory.html
> Its not complete. (sorry).. You did add the part about : ntlm auth = mschapv2-and-ntlmv2-only
> Just, im not seeing these parts. : --allow-mschapv2
> Which is key to make it work.
When did that change?
That page has been up for 15 years. i.e. before Samba changed its behavior.
> https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto
> Also i see incorrect SMB.conf settings and both are missing the part to use NTLMv2.
Well, the Wiki is editable.
> The link to the samba wiki contain all needed info for the freeradius part.
> For the smb.conf part, that depends if its a stand alone samba server of domain member/AD-DC.
>
> Updating these could save you lots of message in the list. ;-)
The wiki is editable. We also accept pull requests for the module configurations.
We don't troll through every program / library used by FreeRADIUS, to see if they changed their behavior. We mostly rely on people to tell us, and to update the docs.
Alan DeKok.
More information about the Freeradius-Users
mailing list