<br clear="all">
<p>Using freeradius v1.1.1 on a RHEL 4 box trying to authenticate users against Windows 2003 Active directory. I was able to bind linux box to Windows domain successfully and able to read the active directory users and groups using
</p>
<p>wbinfo - u<br>R1\Administrator<br>R1\Guest</p>
<p>and wbinfo -g.</p>
<p>Using ntlm_auth tool am able to successfully authenticate the users too.</p>
<p>-bash-3.00# ntlm_auth --request-nt-key --username=kartthikr<br>password:<br>NT_STATUS_OK: Success (0x0)</p>
<p>But while using radtest tool with the same logon credentials as above it rejects the user and here is the log message.</p>
<p>rad_recv: Access-Request packet from host <a href="http://127.0.0.1:32927">127.0.0.1:32927</a>, id=243, length=61<br> User-Name = "<removed>"<br> User-Password = "<removed>"
<br> NAS-IP-Address = <a href="http://255.255.255.255">255.255.255.255</a><br> NAS-Port = 0<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0
<br> modcall[authorize]: module "chap" returns noop for request 0<br> modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name = "<removed>", looking up realm NULL
<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 0<br> rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 0
<br> users: Matched entry DEFAULT at line 156<br> modcall[authorize]: module "files" returns ok for request 0<br>modcall: leaving group authorize (returns ok) for request 0<br> rad_check_password: Found Auth-Type System
<br>auth: type "System"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 0<br> modcall[authenticate]: module "unix" returns notfound for request 0
<br>modcall: leaving group authenticate (returns notfound) for request 0<br>auth: Failed to validate the user.<br>Delaying request 0 for 1 seconds<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---
<br>Sending Access-Reject of id 243 to <a href="http://127.0.0.1">127.0.0.1</a> port 32927<br>Waking up in 4 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 243 with timestamp 45413139<br>
Nothing to do. Sleeping until we see a request.</p>
<p>Here is nss config file:</p>
<p>passwd: files winbind<br>shadow: files winbind<br>group: files winbind</p>
<p>hosts: files winbind nis dns</p>
<p>protocols: files winbind # nis<br>services: files winbind # nis<br>netgroup: files winbind # nis<br>automount: files winbind nis</p>
<p>Here is radiusd.conf file:</p>
<p>modules {<br>pap {<br> encryption_scheme = crypt<br> }</p>
<p> chap {<br> authtype = CHAP<br> }</p>
<p>pam {<br> pam_auth = radiusd<br> }<br>unix {<br> cache = no<br> cache_reload = 600<br> radwtmp = ${logdir}/radwtmp<br> }</p>
<p>$INCLUDE ${confdir}/eap.conf</p>
<p> <br> mschap {<br> <br> authtype = MS-CHAP<br> #use_mppe = no</p>
<p> require_encryption = yes</p>
<p> #require_strong = yes</p>
<p> with_ntdomain_hack = yes</p>
<p> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</p>
<div> }</div>
<div> </div>
<div>Thanks in advance.</div>