<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">thanks <br>---------------------------------<br><br>radtest luis x 127.0.0.1 0 123<br>Sending Access-Request of id 189 to 127.0.0.1 port 1812<br> User-Name = "luis"<br> User-Password = "x"<br> NAS-IP-Address = 255.255.255.255<br> NAS-Port = 0<br>rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=189, length=20<br>rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) <br><br>that means that i need to config nas server ?<br>or do i need to config one more line in radiusd.conf ?<br>or means that account does not har ras access ?<br><br>now im receiving this <br><br>rad_recv: Access-Request packet
from host 127.0.0.1:44072, id=189, length=72<br> User-Name = "luis"<br> User-Password = "\324\322pv\373m\025\215d\005|j\230Ys,\271\323\014\344\234>^\206\270\335\305S\343\347>D"<br> NAS-IP-Address = 255.255.255.255<br> NAS-Port = 0<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br> modcall[authorize]: module "chap" returns noop for request 0<br> modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: No '@' in User-Name = "luis", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 0<br> rlm_eap: No
EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 0<br> users: Matched entry DEFAULT at line 152<br> modcall[authorize]: module "files" returns ok for request 0<br>modcall: leaving group authorize (returns ok) for request 0<br> rad_check_password: Found Auth-Type System<br>auth: type "System"<br> ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.<br>auth: Failed to validate the user.<br> WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!<br>Delaying request 0 for 1 seconds<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Sending Access-Reject of id 189 to 127.0.0.1 port
44072<br>Waking up in 4 seconds...<br>-------------------------------<br><br>--- El <b>vie, 19/9/08, Kevin Smith <i><Kevin.Smith@emp.shentel.com></i></b> escribió:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">De: Kevin Smith <Kevin.Smith@emp.shentel.com><br>Asunto: RE: autentication against active directory does not work<br>Para: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><br>Fecha: viernes, 19 septiembre, 2008 8:07<br><br><pre>Have you verified that Samba was joined to your domain successfully<br>using wbinfo -t? You should see " checking the trust secret via RPC<br>calls succeeded"<br><br>If that is successful try:<br><br>[root@ras ~]# ntlm_auth --username your_user --password users_password<br>--domain your_ad_domain --request-nt-key<br><br>Should see: NT_STATUS_OK: Success (0x0)<br><br>If the two steps above aren't successful you will need to
correct those<br>issues first before proceeding.<br><br>In the mschap module my ntlm_auth configuration is as follows:<br><br>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key<br>--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}<br>--challenge=%{mschap:Challenge:-00}<br>--nt-response=%{mschap:NT-Response:-00}"<br><br>Good luck.<br><br><br>-----Original Message-----<br>From:<br>freeradius-users-bounces+kevin.smith=emp.shentel..com@lists.freeradius.or<br>g<br>[mailto:freeradius-users-bounces+kevin.smith=emp.shentel.com@lists.freer<br>adius.org] On Behalf Of tnt@kalik.net<br>Sent: Friday, September 19, 2008 3:40 PM<br>To: freeradius-users@lists.freeradius.org<br>Subject: Re: autentication against active directory does not work<br><br>>i have read allready the documentation at <br>>http://deployingradius.com/documents/configuration/active_directory.htm<br>l<br>><br><br>Read it again.<br><br>>my freeradius debug is pasted at
<br>><br>>http://pastebin.ca/1206001<br>><br><br>1. You are using an outdated version of the server which has a default<br>entry in users file setting Auth-Type Sistem if all else fails. Upgrade<br>or at least comment that out since you have removed "unix" from the<br>configuration.<br><br>2. Read the obvious WARNING in the debug and fix that.<br><br>3. You have configured AD integration (ntlm_auth) in mschap module. And<br>then sent pap request. No wonder it's not working. Send mschap requests.<br><br>Ivan Kalik<br>Kalik Informatika ISP<br><br>-<br>List info/subscribe/unsubscribe? See<br>http://www.freeradius.org/list/users.html<br><br>-<br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></pre></blockquote></td></tr></table><br>