<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><br><br>--- El <b>mar, 30/9/08, Alan DeKok <i><aland@deployingradius.com></i></b> escribió:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">De: Alan DeKok <aland@deployingradius.com><br>Asunto: Re: freeradius compiled version (lastest) against active directory authentication<br>Para: luis.azunet@yahoo.es, "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><br>Fecha: martes, 30 septiembre, 2008 3:07<br><br><pre>luis a wrote:<br>> I have everything seemingly well-configured to authenticate against<br>> Active Directory<br>> but I lack the parameters under which I use the default<br>> ntlm_auth module<br><br> What does that mean?<br><br> Have you tried my web site (deployingradius.com) ? It has a<br>"howto"<br>for configuring authentication against Active
Directory.<br><br>i all ready read it and he does not work <br><br><br>check it out the output <br><br>------------------------------------<br><br><br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 49964, id=37, length=72<br> User-Name = "luis"<br> User-Password = "x"<br> NAS-IP-Address = xx.xx.xx.x<br> NAS-Port = 0<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "luis", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns updated<br>[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[files]
expand: %{Stripped-User-Name:-%{User-Name}} -> luis<br><br>that warning apered after i added the line to the user config file<br>DEFAULT Auth-Type = Local, Password == "stealme"<br><br>.<br><br><br><br>WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br><br><br><br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns updated<br>Found Auth-Type = PAP<br>+- entering group PAP {...}<br>[pap] login attempt with password "x"<br>[pap] Using CRYPT encryption.<br>[pap] Passwords don't match<br>++[pap] returns reject<br>Failed to authenticate the user.<br><br><br><br><br>-------------------<br>and also when i remplace <br>DEFAULT Auth-Type = System <br><br>i get this message .<br><br><br><br>rad_recv: Access-Request packet from host 127.0.0.1 port 50255, id=25, length=72<br> User-Name = "luis"<br>
User-Password = "x"<br> NAS-IP-Address = xx.xx.xx.xx<br> NAS-Port = 0<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "luis", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns updated<br>[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[files] expand: %{Stripped-User-Name:-%{User-Name}} -> luis<br>[files] users: Matched entry DEFAULT at line 205<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br>Found Auth-Type = System<br>+- entering group authenticate {...}<br>[unix] invalid password "luis"<br>++[unix] returns reject<br>Failed to authenticate the
user.<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> luis<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 25 to 127.0.0.1 port 50255<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 25 with timestamp +4<br>Ready to process requests.<br><br><br> Alan DeKok.<br></pre></blockquote></td></tr></table><br>