<br><font size=2 face="sans-serif">Alan:</font>
<br>
<br><font size=2 face="sans-serif">Thanks for your attention and patience ... </font>
<br>
<br><font size=2 face="sans-serif">I started "Deploying Radius ..." again with the default configuration files "users" and "radiusd.conf", following the instructions on the web page:</font>
<br>
<br><font size=2 face="sans-serif">1) </font><font size=2><tt>Configuring Authentication against Active Directory</tt></font>
<br><font size=2 face="sans-serif">-> It's OK ... My Samba is working correctly. I tested it with "wbinfo" and "ntlm_auth" commands.</font>
<br>
<br><font size=2 face="sans-serif">2) </font><font size=2><tt>Configuring FreeRADIUS to use ntlm_auth</tt></font>
<br><font size=2 face="sans-serif">-> It's OK ... The radtest worked well without problems. </font>
<br>
<br><font size=2 face="sans-serif">3) </font><font size=2><tt>Configuring FreeRADIUS to use ntlm_auth for MS-CHAP</tt></font>
<br><font size=2 face="sans-serif">-> It didn't work ... I don't know what is wrong ... My FreeRADIUS output shows the same messages as before:</font>
<br>
<br><font size=2 face="sans-serif">Starting - reading configuration files ...</font>
<br><font size=2 face="sans-serif">reread_config: reading radiusd.conf</font>
<br><font size=2 face="sans-serif">Config: including file: /usr/local/etc/raddb/proxy.conf</font>
<br><font size=2 face="sans-serif">Config: including file: /usr/local/etc/raddb/clients.conf</font>
<br><font size=2 face="sans-serif">Config: including file: /usr/local/etc/raddb/snmp.conf</font>
<br><font size=2 face="sans-serif">Config: including file: /usr/local/etc/raddb/eap.conf</font>
<br><font size=2 face="sans-serif">Config: including file: /usr/local/etc/raddb/sql.conf</font>
<br><font size=2 face="sans-serif"> main: prefix = "/usr/local"</font>
<br><font size=2 face="sans-serif"> main: localstatedir = "/var"</font>
<br><font size=2 face="sans-serif"> main: logdir = "/var/log"</font>
<br><font size=2 face="sans-serif"> main: libdir = "/usr/local/lib"</font>
<br><font size=2 face="sans-serif"> main: radacctdir = "/var/log/radacct"</font>
<br><font size=2 face="sans-serif"> main: hostname_lookups = no</font>
<br><font size=2 face="sans-serif"> main: max_request_time = 30</font>
<br><font size=2 face="sans-serif"> main: cleanup_delay = 5</font>
<br><font size=2 face="sans-serif"> main: max_requests = 1024</font>
<br><font size=2 face="sans-serif"> main: delete_blocked_requests = 0</font>
<br><font size=2 face="sans-serif"> main: port = 0</font>
<br><font size=2 face="sans-serif"> main: allow_core_dumps = no</font>
<br><font size=2 face="sans-serif"> main: log_stripped_names = no</font>
<br><font size=2 face="sans-serif"> main: log_file = "/var/log/radius.log"</font>
<br><font size=2 face="sans-serif"> main: log_auth = no</font>
<br><font size=2 face="sans-serif"> main: log_auth_badpass = no</font>
<br><font size=2 face="sans-serif"> main: log_auth_goodpass = no</font>
<br><font size=2 face="sans-serif"> main: pidfile = "/var/run/radiusd/radiusd.pid"</font>
<br><font size=2 face="sans-serif"> main: user = "(null)"</font>
<br><font size=2 face="sans-serif"> main: group = "(null)"</font>
<br><font size=2 face="sans-serif"> main: usercollide = no</font>
<br><font size=2 face="sans-serif"> main: lower_user = "no"</font>
<br><font size=2 face="sans-serif"> main: lower_pass = "no"</font>
<br><font size=2 face="sans-serif"> main: nospace_user = "no"</font>
<br><font size=2 face="sans-serif"> main: nospace_pass = "no"</font>
<br><font size=2 face="sans-serif"> main: checkrad = "/usr/local/sbin/checkrad"</font>
<br><font size=2 face="sans-serif"> main: proxy_requests = yes</font>
<br><font size=2 face="sans-serif"> proxy: retry_delay = 5</font>
<br><font size=2 face="sans-serif"> proxy: retry_count = 3</font>
<br><font size=2 face="sans-serif"> proxy: synchronous = no</font>
<br><font size=2 face="sans-serif"> proxy: default_fallback = yes</font>
<br><font size=2 face="sans-serif"> proxy: dead_time = 120</font>
<br><font size=2 face="sans-serif"> proxy: post_proxy_authorize = yes</font>
<br><font size=2 face="sans-serif"> proxy: wake_all_if_all_dead = no</font>
<br><font size=2 face="sans-serif"> security: max_attributes = 200</font>
<br><font size=2 face="sans-serif"> security: reject_delay = 1</font>
<br><font size=2 face="sans-serif"> security: status_server = no</font>
<br><font size=2 face="sans-serif"> main: debug_level = 0</font>
<br><font size=2 face="sans-serif">read_config_files: reading dictionary</font>
<br><font size=2 face="sans-serif">read_config_files: reading naslist</font>
<br><font size=2 face="sans-serif">Using deprecated naslist file. Support for this will go away soon.</font>
<br><font size=2 face="sans-serif">read_config_files: reading clients</font>
<br><font size=2 face="sans-serif">read_config_files: reading realms</font>
<br><font size=2 face="sans-serif">radiusd: entering modules setup</font>
<br><font size=2 face="sans-serif">Module: Library search path is /usr/local/lib</font>
<br><font size=2 face="sans-serif">Module: Loaded exec</font>
<br><font size=2 face="sans-serif"> exec: wait = yes</font>
<br><font size=2 face="sans-serif"> exec: program = "(null)"</font>
<br><font size=2 face="sans-serif"> exec: input_pairs = "request"</font>
<br><font size=2 face="sans-serif"> exec: output_pairs = "(null)"</font>
<br><font size=2 face="sans-serif"> exec: packet_type = "(null)"</font>
<br><font size=2 face="sans-serif">rlm_exec: Wait=yes but no output defined. Did you mean output=none?</font>
<br><font size=2 face="sans-serif">Module: Instantiated exec (exec)</font>
<br><font size=2 face="sans-serif">Module: Loaded expr</font>
<br><font size=2 face="sans-serif">Module: Instantiated expr (expr)</font>
<br><font size=2 face="sans-serif">Module: Loaded PAP</font>
<br><font size=2 face="sans-serif"> pap: encryption_scheme = "crypt"</font>
<br><font size=2 face="sans-serif"> pap: auto_header = yes</font>
<br><font size=2 face="sans-serif">Module: Instantiated pap (pap)</font>
<br><font size=2 face="sans-serif">Module: Loaded CHAP</font>
<br><font size=2 face="sans-serif">Module: Instantiated chap (chap)</font>
<br><font size=2 face="sans-serif">Module: Loaded MS-CHAP</font>
<br><font size=2 face="sans-serif"> mschap: use_mppe = yes</font>
<br><font size=2 face="sans-serif"> mschap: require_encryption = no</font>
<br><font size=2 face="sans-serif"> mschap: require_strong = no</font>
<br><font size=2 face="sans-serif"> mschap: with_ntdomain_hack = no</font>
<br><font size=2 face="sans-serif"> mschap: passwd = "(null)"</font>
<br><font size=2 face="sans-serif"> mschap: ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-copel} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</font>
<br><font size=2 face="sans-serif">Module: Instantiated mschap (mschap)</font>
<br><font size=2 face="sans-serif"> exec: wait = no</font>
<br><font size=2 face="sans-serif"> exec: program = "/usr/local/bin/ntlm_auth --request-nt-key --domain=COPEL --username=%{mschap:User-Name} --password=%{User-Password}"</font>
<br><font size=2 face="sans-serif"> exec: input_pairs = "request"</font>
<br><font size=2 face="sans-serif"> exec: output_pairs = "(null)"</font>
<br><font size=2 face="sans-serif"> exec: packet_type = "(null)"</font>
<br><font size=2 face="sans-serif">Module: Instantiated exec (ntlm_auth)</font>
<br><font size=2 face="sans-serif">Module: Loaded System</font>
<br><font size=2 face="sans-serif"> unix: cache = no</font>
<br><font size=2 face="sans-serif"> unix: passwd = "(null)"</font>
<br><font size=2 face="sans-serif"> unix: shadow = "(null)"</font>
<br><font size=2 face="sans-serif"> unix: group = "(null)"</font>
<br><font size=2 face="sans-serif"> unix: radwtmp = "/var/log/radwtmp"</font>
<br><font size=2 face="sans-serif"> unix: usegroup = no</font>
<br><font size=2 face="sans-serif"> unix: cache_reload = 600</font>
<br><font size=2 face="sans-serif">Module: Instantiated unix (unix)</font>
<br><font size=2 face="sans-serif">Module: Loaded eap</font>
<br><font size=2 face="sans-serif"> eap: default_eap_type = "peap"</font>
<br><font size=2 face="sans-serif"> eap: timer_expire = 60</font>
<br><font size=2 face="sans-serif"> eap: ignore_unknown_eap_types = no</font>
<br><font size=2 face="sans-serif"> eap: cisco_accounting_username_bug = no</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type md5</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type leap</font>
<br><font size=2 face="sans-serif"> gtc: challenge = "Password: "</font>
<br><font size=2 face="sans-serif"> gtc: auth_type = "PAP"</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type gtc</font>
<br><font size=2 face="sans-serif"> tls: rsa_key_exchange = no</font>
<br><font size=2 face="sans-serif"> tls: dh_key_exchange = yes</font>
<br><font size=2 face="sans-serif"> tls: rsa_key_length = 512</font>
<br><font size=2 face="sans-serif"> tls: dh_key_length = 512</font>
<br><font size=2 face="sans-serif"> tls: verify_depth = 0</font>
<br><font size=2 face="sans-serif"> tls: CA_path = "(null)"</font>
<br><font size=2 face="sans-serif"> tls: pem_file_type = yes</font>
<br><font size=2 face="sans-serif"> tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"</font>
<br><font size=2 face="sans-serif"> tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"</font>
<br><font size=2 face="sans-serif"> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"</font>
<br><font size=2 face="sans-serif"> tls: private_key_password = "whatever"</font>
<br><font size=2 face="sans-serif"> tls: dh_file = "/usr/local/etc/raddb/certs/dh"</font>
<br><font size=2 face="sans-serif"> tls: random_file = "/usr/local/etc/raddb/certs/random"</font>
<br><font size=2 face="sans-serif"> tls: fragment_size = 1024</font>
<br><font size=2 face="sans-serif"> tls: include_length = yes</font>
<br><font size=2 face="sans-serif"> tls: check_crl = no</font>
<br><font size=2 face="sans-serif"> tls: check_cert_cn = "(null)"</font>
<br><font size=2 face="sans-serif"> tls: cipher_list = "(null)"</font>
<br><font size=2 face="sans-serif"> tls: check_cert_issuer = "(null)"</font>
<br><font size=2 face="sans-serif">rlm_eap_tls: Loading the certificate file as a chain</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type tls</font>
<br><font size=2 face="sans-serif"> peap: default_eap_type = "mschapv2"</font>
<br><font size=2 face="sans-serif"> peap: copy_request_to_tunnel = no</font>
<br><font size=2 face="sans-serif"> peap: use_tunneled_reply = no</font>
<br><font size=2 face="sans-serif"> peap: proxy_tunneled_request_as_eap = yes</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type peap</font>
<br><font size=2 face="sans-serif"> mschapv2: with_ntdomain_hack = no</font>
<br><font size=2 face="sans-serif">rlm_eap: Loaded and initialized type mschapv2</font>
<br><font size=2 face="sans-serif">Module: Instantiated eap (eap)</font>
<br><font size=2 face="sans-serif">Module: Loaded preprocess</font>
<br><font size=2 face="sans-serif"> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"</font>
<br><font size=2 face="sans-serif"> preprocess: hints = "/usr/local/etc/raddb/hints"</font>
<br><font size=2 face="sans-serif"> preprocess: with_ascend_hack = no</font>
<br><font size=2 face="sans-serif"> preprocess: ascend_channels_per_line = 23</font>
<br><font size=2 face="sans-serif"> preprocess: with_ntdomain_hack = no</font>
<br><font size=2 face="sans-serif"> preprocess: with_specialix_jetstream_hack = no</font>
<br><font size=2 face="sans-serif"> preprocess: with_cisco_vsa_hack = no</font>
<br><font size=2 face="sans-serif"> preprocess: with_alvarion_vsa_hack = no</font>
<br><font size=2 face="sans-serif">Module: Instantiated preprocess (preprocess)</font>
<br><font size=2 face="sans-serif">Module: Loaded realm</font>
<br><font size=2 face="sans-serif"> realm: format = "suffix"</font>
<br><font size=2 face="sans-serif"> realm: delimiter = "@"</font>
<br><font size=2 face="sans-serif"> realm: ignore_default = no</font>
<br><font size=2 face="sans-serif"> realm: ignore_null = no</font>
<br><font size=2 face="sans-serif">Module: Instantiated realm (suffix)</font>
<br><font size=2 face="sans-serif">Module: Loaded files</font>
<br><font size=2 face="sans-serif"> files: usersfile = "/usr/local/etc/raddb/users"</font>
<br><font size=2 face="sans-serif"> files: acctusersfile = "/usr/local/etc/raddb/acct_users"</font>
<br><font size=2 face="sans-serif"> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"</font>
<br><font size=2 face="sans-serif"> files: compat = "no"</font>
<br><font size=2 face="sans-serif">Module: Instantiated files (files)</font>
<br><font size=2 face="sans-serif">Module: Loaded Acct-Unique-Session-Id</font>
<br><font size=2 face="sans-serif"> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"</font>
<br><font size=2 face="sans-serif">Module: Instantiated acct_unique (acct_unique)</font>
<br><font size=2 face="sans-serif">Module: Loaded detail</font>
<br><font size=2 face="sans-serif"> detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"</font>
<br><font size=2 face="sans-serif"> detail: detailperm = 384</font>
<br><font size=2 face="sans-serif"> detail: dirperm = 493</font>
<br><font size=2 face="sans-serif"> detail: locking = no</font>
<br><font size=2 face="sans-serif">Module: Instantiated detail (detail)</font>
<br><font size=2 face="sans-serif">Module: Loaded radutmp</font>
<br><font size=2 face="sans-serif"> radutmp: filename = "/var/log/radutmp"</font>
<br><font size=2 face="sans-serif"> radutmp: username = "%{User-Name}"</font>
<br><font size=2 face="sans-serif"> radutmp: case_sensitive = yes</font>
<br><font size=2 face="sans-serif"> radutmp: check_with_nas = yes</font>
<br><font size=2 face="sans-serif"> radutmp: perm = 384</font>
<br><font size=2 face="sans-serif"> radutmp: callerid = yes</font>
<br><font size=2 face="sans-serif">Module: Instantiated radutmp (radutmp)</font>
<br><font size=2 face="sans-serif">Listening on authentication *:1812</font>
<br><font size=2 face="sans-serif">Listening on accounting *:1813</font>
<br><font size=2 face="sans-serif">Ready to process requests.</font>
<br><font size=2 face="sans-serif">rad_recv: Access-Request packet from host 10.4.3.248:32768, id=105, length=65</font>
<br><font size=2 face="sans-serif"> User-Name = "copel\\charles"</font>
<br><font size=2 face="sans-serif"> User-Password = "password"</font>
<br><font size=2 face="sans-serif"> Service-Type = Authenticate-Only</font>
<br><font size=2 face="sans-serif"> NAS-IP-Address = 200.195.147.120</font>
<br><font size=2 face="sans-serif"> Processing the authorize section of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authorize for request 0</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "preprocess" returns ok for request 0</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "chap" returns noop for request 0</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "mschap" returns noop for request 0</font>
<br><font size=2 face="sans-serif"> rlm_realm: No '@' in User-Name = "copel\charles", looking up realm NULL</font>
<br><font size=2 face="sans-serif"> rlm_realm: No such realm "NULL"</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "suffix" returns noop for request 0</font>
<br><font size=2 face="sans-serif"> rlm_eap: No EAP-Message, not doing EAP</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "eap" returns noop for request 0</font>
<br><font size=2 face="sans-serif"> users: Matched entry DEFAULT at line 154</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "files" returns ok for request 0</font>
<br><font size=2 face="sans-serif">rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "pap" returns noop for request 0</font>
<br><font size=2 face="sans-serif">modcall: leaving group authorize (returns ok) for request 0</font>
<br><font size=2 face="sans-serif"> rad_check_password: Found Auth-Type System</font>
<br><font size=2 face="sans-serif">auth: type "System"</font>
<br><font size=2 face="sans-serif"> Processing the authenticate section of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authenticate for request 0</font>
<br><font size=2 face="sans-serif"> modcall[authenticate]: module "unix" returns notfound for request 0</font>
<br><font size=2 face="sans-serif">modcall: leaving group authenticate (returns notfound) for request 0</font>
<br><font size=2 face="sans-serif">auth: Failed to validate the user.</font>
<br><font size=2 face="sans-serif">Delaying request 0 for 1 seconds</font>
<br><font size=2 face="sans-serif">Finished request 0</font>
<br><font size=2 face="sans-serif">Going to the next request</font>
<br><font size=2 face="sans-serif">--- Walking the entire request list ---</font>
<br><font size=2 face="sans-serif">Waking up in 1 seconds...</font>
<br><font size=2 face="sans-serif">--- Walking the entire request list ---</font>
<br><font size=2 face="sans-serif">Waking up in 1 seconds...</font>
<br><font size=2 face="sans-serif">--- Walking the entire request list ---</font>
<br><font size=2 face="sans-serif">Sending Access-Reject of id 105 to 10.4.3.248 port 32768</font>
<br><font size=2 face="sans-serif">Waking up in 4 seconds...</font>
<br><font size=2 face="sans-serif">--- Walking the entire request list ---</font>
<br><font size=2 face="sans-serif">Cleaning up request 0 ID 105 with timestamp 46eec968</font>
<br><font size=2 face="sans-serif">Nothing to do. Sleeping until we see a request.</font>
<br>
<br><font size=2 face="sans-serif">What more should I check or configure, and how?</font>
<br>
<br><font size=2 face="sans-serif">Best Regards.</font>
<br><font size=2 face="sans-serif">Charles.</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Alan DeKok &lt;aland@deployingradius.com&gt;</b></font>
<br><font size=1 face="sans-serif">Sent by: freeradius-users-bounces@lists.freeradius.org</font>
<p><font size=1 face="sans-serif">17/09/2007 11:55</font>
<br><font size=1 face="sans-serif">Please reply to FreeRadius users mailing list</font>
<p>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: FreeRadius users mailing list &lt;freeradius-users@lists.freeradius.org&gt;</font>
<br><font size=1 face="sans-serif"> cc: </font>
<br><font size=1 face="sans-serif"> bcc: Charles Alcantara Borba/COPEL</font>
<br><font size=1 face="sans-serif"> Subject: Re: Configuring FreeRADIUS to use ntlm_auth</font></table>
<br>
<br>
<br><font size=2 face="Courier New">charles@copel.com wrote:<br>
> I think that I did just some changes described in the document with the<br>
> files:<br>
> the users file: it is original (I delete the testing entry used "user <br>
> Auth-Type := ntlm_auth");<br>
<br>
Which is why it's not using ntlm_auth for authentication.<br>
<br>
> the radiusd.conf file: it is original with following changes:<br>
...<br>
<br>
And the server hasn't been told *how* to authenticate users.<br>
<br>
It either needs to be told what the "known good" password is, OR it<br>
needs to be told who else on the network can authenticate the user.<br>
<br>
Alan DeKok.<br>
</font>
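<p>The debug output in this thread already shows why the request was rejected. The following added example (not part of the original messages and not FreeRADIUS code) parses such output and reports the authentication method the request carried, the Auth-Type the server chose, and the module that failed. The sample log is excerpted from the output quoted above; the function names are hypothetical.</p>

```python
import re

# Constructed sample: lines excerpted from the debug output quoted in the message above.
SAMPLE_LOG = r'''
rad_recv: Access-Request packet from host 10.4.3.248:32768, id=105, length=65
        User-Name = "copel\\charles"
        User-Password = "password"
        Service-Type = Authenticate-Only
  modcall[authorize]: module "mschap" returns noop for request 0
    users: Matched entry DEFAULT at line 154
  modcall[authorize]: module "files" returns ok for request 0
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Sending Access-Reject of id 105 to 10.4.3.248 port 32768
'''

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = (.*)$')
MODCALL = re.compile(r'modcall\[(authorize|authenticate)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
REPLY = re.compile(r'Sending (Access-\w+)')
METHOD_BY_ATTR = [("MS-CHAP-Challenge", "mschap"), ("EAP-Message", "eap"),
                  ("CHAP-Password", "chap"), ("User-Password", "pap")]

def parse_debug(log):
    """Extract request attributes, per-module return codes, Auth-Type and reply."""
    out = {"attrs": {}, "authorize": {}, "authenticate": {}, "auth_type": None, "reply": None}
    in_request = False  # True while reading the attribute list under rad_recv
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            in_request = True
            continue
        m = ATTR.match(line) if in_request else None
        if m:
            out["attrs"][m.group(1)] = m.group(2).strip('"')
            continue
        in_request = False
        if (m := MODCALL.search(line)):
            out[m.group(1)][m.group(2)] = m.group(3)
        elif (m := AUTH_TYPE.search(line)):
            out["auth_type"] = m.group(1)
        elif (m := REPLY.search(line)):
            out["reply"] = m.group(1)
    return out

def diagnose(p):
    """Summarise what the log shows about how the request was (not) authenticated."""
    method = next((name for attr, name in METHOD_BY_ATTR if attr in p["attrs"]), "unknown")
    findings = []
    if method != "mschap" and p["authorize"].get("mschap") == "noop":
        findings.append("request is %s with no MS-CHAP attributes; mschap returned noop" % method)
    failed = [(m, rc) for m, rc in p["authenticate"].items() if rc not in ("ok", "updated")]
    for mod, rc in failed:
        findings.append("Auth-Type %s ran module %s, which returned %s" % (p["auth_type"], mod, rc))
    return {"method": method, "auth_type": p["auth_type"], "failed": failed, "findings": findings}

if __name__ == "__main__":
    for finding in diagnose(parse_debug(SAMPLE_LOG))["findings"]:
        print(finding)
```
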
<p>
<p>
<p>