<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
code
{mso-style-priority:99;
font-family:"Courier New";}
span.E-MailFormatvorlage19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=DE link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>OK, I have tested it with “radtest MyUser MyPassword localhost 0
testing123” and this is what the server gave back:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Ready to process requests.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>rad_recv: Access-Request packet from host 127.0.0.1 port 32793,
id=92, length=58<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> User-Name = "MyUser"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> User-Password = "MyPassword"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> NAS-IP-Address = IP.OF.THE.SERVER<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> NAS-Port = 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>+- entering group authorize {...}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[preprocess] returns ok<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[chap] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[mschap] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[suffix] No '@' in User-Name = "MyUser", looking up
realm NULL<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[suffix] No such realm "NULL"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[suffix] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[eap] No EAP-Message, not doing EAP<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[eap] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[unix] returns notfound<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[files] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[expiration] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[logintime] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[pap] WARNING! No "known good" password found for the
user. Authentication may fail because of this.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[pap] returns noop<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Failed to authenticate the user.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Using Post-Auth-Type Reject<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>+- entering group REJECT {...}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>[attr_filter.access_reject] expand: %{User-Name} -> MyUser<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> attr_filter: Matched entry DEFAULT at line 11<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>++[attr_filter.access_reject] returns updated<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Delaying reject of request 0 for 1 seconds<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Going to the next request<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Waking up in 0.9 seconds.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Sending delayed reject for request 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Sending Access-Reject of id 92 to 127.0.0.1 port 32793<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Waking up in 4.9 seconds.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cleaning up request 0 ID 92 with timestamp +3710<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Ready to process requests.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Now what should I do?<br>
Thanks in advance.</span><span lang=EN-US style='font-size:9.0pt;font-family:
"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@lists.freeradius.org
[mailto:freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@lists.freeradius.org]
<b>Im Auftrag von </b>Syed Anwarul Hasan<br>
<b>Gesendet:</b> Donnerstag, 9. Oktober 2008 12:12<br>
<b>An:</b> FreeRadius users mailing list<br>
<b>Betreff:</b> Re: Problem with ntlm_auth<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Hi,<br>
You can use radtest tool to check with the Server.The Server will return
accept-accept message.<br>
Other tool includes JRadius Simulator as IVAN told. bu I have not used it.<br>
Otherwise If you have a Native PEAP or TTLS client, you can sent MSCHAP
requests to use ntlm_auth with Active DIRECTORY or LDAP server backend.(if you
have)<br>
<br>
SYED<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Oct 9, 2008 at 11:54 AM, <<a
href="mailto:Frederik.Niedernolte@bertelsmann.de">Frederik.Niedernolte@bertelsmann.de</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p><span style='font-size:11.0pt;color:#1F497D'>Thanks, now it works :)</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>Now the last step:
How can I test it? What tool/program etc. can/should I use to test it?</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:11.0pt;color:#1F497D'>"</span><span
lang=EN-US>The </span><code><span lang=EN-US style='font-size:10.0pt'>radclient</span></code><span
lang=EN-US> cannot currently be used to send this request, unfortunately, which
makes testing a little difficult If everything goes well, you should see the
server returning an </span><a
href="http://freeradius.org/rfc/rfc2865.html#Access-Accept" target="_blank"><span
lang=EN-US>Access-Accept</span></a><span lang=EN-US> message as above."</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>Mit freundlichen Grüßen / Kind
regards</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>Frederik Niedernolte<br>
-------------------------------------------------------<br>
</span><span style='font-size:11.0pt;color:#595959'>arvato</span><span
style='font-size:11.0pt;color:#1F497D'> </span><span style='font-size:11.0pt;
color:#0070C0'>services</span><span style='font-size:11.0pt;color:black'><br>
</span><span style='font-size:11.0pt;color:#1F497D'>An der Autobahn<br>
33310 Gütersloh<br>
Germany<br>
<a href="http://www.arvato-services.de" target="_blank"
title="blocked::www.arvato-direct-services.de">http://www.arvato-services.de</a><br>
</span><span style='font-size:11.0pt;color:blue'><a
href="mailto:frederik.niedernolte@bertelsmann.deTel" target="_blank">frederik.niedernolte@bertelsmann.de</a></span><span
style='font-size:11.0pt;color:#1F497D'><br>
Tel.: +49 (0)5241 80-40554</span><o:p></o:p></p>
<p><span style='font-size:9.0pt;color:#1F497D'>arvato services GmbH: Sitz
Gütersloh | Amtsgericht Gütersloh HRB 3826 | Geschäftsführer Ralf
Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard Südmersen</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;
border-color:-moz-use-text-color -moz-use-text-color'>
<p><b><span style='font-size:10.0pt'>Von:</span></b><span style='font-size:
10.0pt'> freeradius-users-bounces+frederik.niedernolte=<a
href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a
href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>
[mailto:<a href="mailto:freeradius-users-bounces%2Bfrederik.niedernolte"
target="_blank">freeradius-users-bounces+frederik.niedernolte</a>=<a
href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a
href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>] <b>Im
Auftrag von </b>Syed Anwarul Hasan<br>
<b>Gesendet:</b> Donnerstag, 9. Oktober 2008 11:44<br>
<b>An:</b> FreeRadius users mailing list<br>
<b>Betreff:</b> Re: Problem with ntlm_auth</span><o:p></o:p></p>
</div>
<div>
<div>
<p> <o:p></o:p></p>
<div>
<p style='margin-bottom:12.0pt'>Hi Frederik,<br>
<br>
1) Put User entry on <b>TOP</b> of users file.<br>
2) In default file, in authenticate section, add <b>ntlm_auth. </b>Don't set
using Auth-Type.<br>
3) Also in Sites-enabled/inner-tunnel which is Virtual Server Inner Tunnel. Add
<b>ntlm_auth</b> in Authenticate Section.<br>
<br>
I hope it will solve your problem.<br>
SYED<br>
<br>
<o:p></o:p></p>
<div>
<p>On Thu, Oct 9, 2008 at 11:17 AM, <<a
href="mailto:Frederik.Niedernolte@bertelsmann.de" target="_blank">Frederik.Niedernolte@bertelsmann.de</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p><span lang=EN-US>I have finished all steps till „<b>user</b> Auth-Type
:= ntlm_auth" from <a
href="http://deployingradius.com/documents/configuration/active_directory.html"
target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a>.</span><o:p></o:p></p>
<p><span lang=EN-US>With this command I get this error message at the end of
"/usr/sbin/freeradius –X":</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>/etc/freeradius/users[1]: Parse
error (check) for entry MyUser: Unknown value ntlm_auth for attribute Auth-Type</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>Errors reading
/etc/freeradius/users</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>/etc/freeradius/modules/files[7]:
Instantiation failed for module "files"</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>/etc/freeradius/sites-enabled/inner-tunnel[111]:
Failed to find module "files".</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>/etc/freeradius/sites-enabled/inner-tunnel[34]:
Errors parsing authorize section.</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'> }</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>}</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>Errors initializing modules</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>The authenticate section in the
/etc/freeradius/sites-enabled/default looks like this (only important part):</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>authenticate {</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>#</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'># NTML_AUTH authentication.</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>Auth-Type ntlm_auth {</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>
ntlm_auth</span><o:p></o:p></p>
<p><span lang=EN-US style='font-size:9.0pt'>}</span><o:p></o:p></p>
<p><span lang=EN-US> </span><o:p></o:p></p>
<p><span lang=EN-US>What is wrong and what can I do to solve the problem?<br>
<br>
Thanks in advance.</span><o:p></o:p></p>
<p><span lang=EN-US>Best regards, F. Niedernolte</span><o:p></o:p></p>
</div>
</div>
<p><br>
-<br>
List info/subscribe/unsubscribe? See <a
href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><o:p></o:p></p>
</div>
<p> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class=MsoNormal><br>
-<br>
List info/subscribe/unsubscribe? See <a
href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>