<br><font size=2 face="sans-serif">All,</font>
<br><font size=2 face="sans-serif">I finally got it working, but not yet
as i want.</font>
<br><font size=2 face="sans-serif">The trick that made it work is settings
auth-type := MSCHAPv2 for the user(s) and i also started radiusd as root(changed
the rights without success to radiusd, but once everything is working i
will try to run again with radiusd user)</font>
<br>
<br><font size=2 face="sans-serif">If i connect my user(s)s with username@realm
it works, </font>
<br><font size=2 face="sans-serif">but if i use realm\userame the realm
is found but no ntlm is used(and authentication fails).</font>
<br>
<br><font size=2 face="sans-serif">Below you find an extract from the debug
where you can see that the correct realm is found. Do i need some options?</font>
<br><font size=2 face="sans-serif">(btw i need this to work because automatic
logon to the wifi from windows xp with windows credentials is in this format)</font>
<br>
<br><font size=2 face="sans-serif">modcall[authorize]: module "kmt-eu.kmtg.net"
returns noop for request 69</font>
<br><font size=2 face="sans-serif"> rlm_realm: Looking up
realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Found realm
"KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Stripped-User-Name
= "sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Proxying request
from user sstruyf to realm KMT-EU.KMTG.NET</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Realm
= "KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Authentication
realm is LOCAL.</font>
<br>
<br>
<br><font size=2 face="sans-serif">Stieven Struyf<br>
M.I.S. Division - System Operations <br>
Komatsu Europe International NV<br>
Mechelsesteenweg 586<br>
B-1800 Vilvoorde<br>
Stieven.Struyf@komatsu.eu<br>
Tel. +32 (0)2 2552551</font>
<br>
<br><tt><font size=2>freeradius-users-bounces+stieven.struyf=komatsu.eu@lists.freeradius.org
wrote on 10/26/2006 05:05:44 PM:<br>
<br>
> Stieven.Struyf@komatsu.eu wrote:<br>
> > I am trying to authenticate my wifi users via our AD. I'm finding
bits and <br>
> > pieces on the internet to configure things, but no completely
usable <br>
> > howto.<br>
> <br>
> What's missing from any of the HOWTO's? There's some
on the Wiki,<br>
> and one on my site.<br>
> <br>
> > Exec-Program-Wait: plaintext: winbind client not authorized to
use <br>
> > winbindd_pam_auth_crap. Ensure permissions on <br>
> > /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)<br>
> <br>
> You're running the server as non-root, and the programs it
executes<br>
> don't run as root, so they don't have permissions to read that<br>
> directory. Make the server run as root, or fix the permissions.<br>
> <br>
> Alan DeKok.<br>
> --<br>
> http://deployingradius.com - The web site
of the book<br>
> http://deployingradius.com/blog/ - The blog<br>
> - <br>
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>
</font></tt>