<div dir="ltr">OK, where are the USER CREDENTIALS stored? The one described in the manual is Bind as User. That is, a user entry is added in the users file and, after using ntlm_auth, it is checked against an Active Directory or LDAP server backend using the NT LAN Manager authentication protocol.<br>
<br>For example:<br>Users file:<br>User Auth-Type := ntlm_auth<br><br>In Active Directory<br>User should be a member.<br><br>So, then ntlm_auth requests will be passed from your server to the Active Directory or LDAP server.<br>
<br>Otherwise you will not set up ntlm_auth.<br><br>SYED<br><br><div class="gmail_quote">On Thu, Oct 9, 2008 at 12:58 PM, <span dir="ltr">&lt;<a href="mailto:Frederik.Niedernolte@bertelsmann.de">Frederik.Niedernolte@bertelsmann.de</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="DE">
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">OK, I have tested it with "radtest MyUser MyPassword localhost 0
testing123" and this is what the server gave back:</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Ready to process requests.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">rad_recv: Access-Request packet from host <a href="http://127.0.0.1" target="_blank">127.0.0.1</a> port 32793,
id=92, length=58</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> User-Name = "MyUser"</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> User-Password = "MyPassword"</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> NAS-IP-Address = IP.OF.THE.SERVER</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> NAS-Port = 0</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">+- entering group authorize {...}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[preprocess] returns ok</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[chap] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[mschap] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">[suffix] No '@' in User-Name = "MyUser", looking up
realm NULL</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">[suffix] No such realm "NULL"</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[suffix] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">[eap] No EAP-Message, not doing EAP</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[eap] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[unix] returns notfound</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[files] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[expiration] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[logintime] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">[pap] WARNING! No "known good" password found for the
user. Authentication may fail because of this.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[pap] returns noop</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Failed to authenticate the user.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Using Post-Auth-Type Reject</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">+- entering group REJECT {...}</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">[attr_filter.access_reject] expand: %{User-Name} -> MyUser</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> attr_filter: Matched entry DEFAULT at line 11</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">++[attr_filter.access_reject] returns updated</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Delaying reject of request 0 for 1 seconds</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Going to the next request</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Waking up in 0.9 seconds.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Sending delayed reject for request 0</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Sending Access-Reject of id 92 to <a href="http://127.0.0.1" target="_blank">127.0.0.1</a> port 32793</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Waking up in 4.9 seconds.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Cleaning up request 0 ID 92 with timestamp +3710</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Ready to process requests.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Now what should I do?<br>
Thanks in advance.</span><span style="font-size: 9pt; color: rgb(31, 73, 125);" lang="EN-US"></span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
freeradius-users-bounces+frederik.niedernolte=<a href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>
[mailto:<a href="mailto:freeradius-users-bounces%2Bfrederik.niedernolte" target="_blank">freeradius-users-bounces+frederik.niedernolte</a>=<a href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>]
<b>On behalf of </b>Syed Anwarul Hasan<br>
<b>Sent:</b> Thursday, October 9, 2008 12:12<div><div></div><div class="Wj3C7c"><br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Re: Problem with ntlm_auth</div></div></span></p>
</div><div><div></div><div class="Wj3C7c">
<p> </p>
<div>
<p style="margin-bottom: 12pt;">Hi,<br>
You can use the radtest tool to check with the server. The server will return
an Access-Accept message.<br>
Other tools include JRadius Simulator, as IVAN said, but I have not used it.<br>
Otherwise, if you have a native PEAP or TTLS client, you can send MSCHAP
requests to use ntlm_auth with an Active Directory or LDAP server backend (if you
have one).<br>
<br>
SYED<br>
<br>
</p>
<div>
<p>On Thu, Oct 9, 2008 at 11:54 AM, <<a href="mailto:Frederik.Niedernolte@bertelsmann.de" target="_blank">Frederik.Niedernolte@bertelsmann.de</a>>
wrote:</p>
<div>
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Thanks, now it works :)</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Now the last step:
How can I test it? What tool/program etc. can/should I use to test it?</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">"</span><span lang="EN-US">The </span><code><span style="font-size: 10pt;" lang="EN-US">radclient</span></code><span lang="EN-US"> cannot currently be used to send this request, unfortunately, which
makes testing a little difficult. If everything goes well, you should see the
server returning an </span><a href="http://freeradius.org/rfc/rfc2865.html#Access-Accept" target="_blank"><span lang="EN-US">Access-Accept</span></a><span lang="EN-US"> message as above."</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Kind
regards</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);">Frederik Niedernolte<br>
-------------------------------------------------------<br>
</span><span style="font-size: 11pt; color: rgb(89, 89, 89);">arvato</span><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span><span style="font-size: 11pt; color: rgb(0, 112, 192);">services</span><span style="font-size: 11pt; color: black;"><br>
</span><span style="font-size: 11pt; color: rgb(31, 73, 125);">An der Autobahn<br>
33310 Gütersloh<br>
Germany<br>
<a href="http://www.arvato-services.de" title="blocked::www.arvato-direct-services.de" target="_blank">http://www.arvato-services.de</a><br>
</span><span style="font-size: 11pt; color: blue;"><a href="mailto:frederik.niedernolte@bertelsmann.deTel" target="_blank">frederik.niedernolte@bertelsmann.de</a></span><span style="font-size: 11pt; color: rgb(31, 73, 125);"><br>
Tel.: +49 (0)5241 80-40554</span></p>
<p><span style="font-size: 9pt; color: rgb(31, 73, 125);">arvato services GmbH: Registered office
Gütersloh | District Court Gütersloh HRB 3826 | Managing Directors Ralf
Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard Südmersen</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;"> freeradius-users-bounces+frederik.niedernolte=<a href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>
[mailto:<a href="mailto:freeradius-users-bounces%2Bfrederik.niedernolte" target="_blank">freeradius-users-bounces+frederik.niedernolte</a>=<a href="http://bertelsmann.de" target="_blank">bertelsmann.de</a>@<a href="http://lists.freeradius.org" target="_blank">lists.freeradius.org</a>] <b>On
behalf of </b>Syed Anwarul Hasan<br>
<b>Sent:</b> Thursday, October 9, 2008 11:44<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Re: Problem with ntlm_auth</span></p>
</div>
<div>
<div>
<p> </p>
<div>
<p style="margin-bottom: 12pt;">Hi Frederik,<br>
<br>
1) Put the user entry at the <b>TOP</b> of the users file.<br>
2) In the default file, in the authenticate section, add <b>ntlm_auth. </b>Don't set it
using Auth-Type.<br>
3) Also in sites-enabled/inner-tunnel, which is the inner-tunnel virtual server, add
<b>ntlm_auth</b> in the authenticate section.<br>
<br>
I hope it will solve your problem.<br>
SYED<br>
<br>
</p>
<div>
<p>On Thu, Oct 9, 2008 at 11:17 AM, <<a href="mailto:Frederik.Niedernolte@bertelsmann.de" target="_blank">Frederik.Niedernolte@bertelsmann.de</a>>
wrote:</p>
<div>
<div>
<p><span lang="EN-US">I have finished all steps till "<b>user</b> Auth-Type
:= ntlm_auth" from <a href="http://deployingradius.com/documents/configuration/active_directory.html" target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a>.</span></p>
<p><span lang="EN-US">With this command I get this error message at the end of
"/usr/sbin/freeradius -X":</span></p>
<p><span lang="EN-US"> </span></p>
<p><span style="font-size: 9pt;" lang="EN-US">/etc/freeradius/users[1]: Parse
error (check) for entry MyUser: Unknown value ntlm_auth for attribute Auth-Type</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">Errors reading
/etc/freeradius/users</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">/etc/freeradius/modules/files[7]:
Instantiation failed for module "files"</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">/etc/freeradius/sites-enabled/inner-tunnel[111]:
Failed to find module "files".</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">/etc/freeradius/sites-enabled/inner-tunnel[34]:
Errors parsing authorize section.</span></p>
<p><span style="font-size: 9pt;" lang="EN-US"> }</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">}</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">Errors initializing modules</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">The authenticate section in the
/etc/freeradius/sites-enabled/default looks like this (only important part):</span></p>
<p><span lang="EN-US"> </span></p>
<p><span style="font-size: 9pt;" lang="EN-US">authenticate {</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">#</span></p>
<p><span style="font-size: 9pt;" lang="EN-US"># NTML_AUTH authentication.</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">Auth-Type ntlm_auth {</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">
ntlm_auth</span></p>
<p><span style="font-size: 9pt;" lang="EN-US">}</span></p>
<p><span lang="EN-US"> </span></p>
<p><span lang="EN-US">What is wrong and what can I do to solve the problem?<br>
<br>
Thanks in advance.</span></p>
<p><span lang="EN-US">Best regards, F. Niedernolte</span></p>
</div>
</div>
<p><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a></p>
</div>
<p> </p>
</div>
</div>
</div>
</div>
</div>
</div>
<p> </p>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>
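<p>Added example (not part of the original thread and not FreeRADIUS code): a small Python triage of the <code>radiusd -X</code> trace quoted above. It collects each module's return code per section and reports why the request was rejected. The sample trace is condensed from the one in the thread, and the function name <code>triage</code> is an assumption of this example.</p>

```python
import re

# Constructed sample: condensed from the radiusd -X trace quoted in the thread.
SAMPLE_TRACE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92, length=58
        User-Name = "MyUser"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Sending Access-Reject of id 92 to 127.0.0.1 port 32793
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")
NO_AUTH_TYPE = "No authenticate method (Auth-Type) configuration found"


def triage(trace):
    """Return (module return codes per section, findings) for one request."""
    results, findings, section = {}, [], None
    for line in trace.splitlines():
        line = line.strip()
        m = GROUP_RE.match(line)
        if m:
            # A new processing section (authorize, authenticate, REJECT, ...).
            section = m.group(1)
            results.setdefault(section, {})
            continue
        m = MODULE_RE.match(line)
        if m and section:
            results[section][m.group(1)] = m.group(2)
        elif NO_AUTH_TYPE in line:
            findings.append("no Auth-Type was set during authorize")
            # rlm_files returns noop when no users entry matched the request.
            if results.get("authorize", {}).get("files") == "noop":
                findings.append("files returned noop: no users entry matched")
    return results, findings


if __name__ == "__main__":
    modules, problems = triage(SAMPLE_TRACE)
    print(modules["authorize"])
    for problem in problems:
        print("finding:", problem)
```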