<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-text-html" lang="x-western"> I've been running
FreeRadius 2 on Centos 5.5 for a while now. So far so good. I'm
now looking to make connecting to our WPA secured wireless easier.<br>
<br>
The RADIUS server is running in a VM and since the system is in
use I have copied the original and used that copy to create a test
environment. I have run through all system updates and have
upgraded all relevant packages. The test system is at 5.6 now. <br>
<br>
Currently with Windows machines I can't just connect to the SSID
and enter in a username and password. I have to go and manually
add the SSID, modify some settings; specifically turning off
validating server certificate, turning off automatically use my
Windows login, and turning on User or computer authentication
mode.<br>
<br>
We also have some OS X clients. Fortunately connecting via OS X is
easier. The catch is that I have to join the machine to our
domain. After that it's pretty much username and password, and
they are on.<br>
<br>
Ideally I would like to have a simple "connect to this SSID, enter
your username and password and that's it" solution and still have
all requests checked against our Active Directory server.<br>
<br>
On a side note. I'm going through my settings trying to get this
working more smoothly and I ran across:<br>
<br>
wbinfo –a user%password (yes I'm adding in my username and pass)<br>
<br>
plaintext password authentication succeeded<br>
challenge/response password authentication failed<br>
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)<br>
error messsage was: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly.<br>
Could not authenticate user MYUSERNAME with challenge/response<br>
<br>
I know the 2 error lines are permissions related. I'm not sure
what the permissions should be on this file/folder. Can someone
let me know this?<br>
<br>
The tutorial from FreeRadius says that I should get output similar
to:<br>
<br>
plaintext password authentication failed<br>
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)<br>
error message was: No such user<br>
Could not authenticate user CHSchwartz%mypassword with plaintext
password<br>
<br>
Yet<br>
<br>
ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYUSERNAME<br>
NT_STATUS_OK: Success (0x0)<br>
<br>
So the Auth is working. I don't understand though why my AD server
is letting cleartext passwords through. It shouldn't right?<br>
<br>
Any help would be greatly appreciated.<br>
<br>
Dan<br>
<span style="font-size:10.0pt;font-family:"Lucida
Grande"; mso-bidi-font-family:"Times New Roman""><a
href="http://www.liai.org"><span class="GramE"></span></a></span>
<div class="moz-signature">
<div class="WordSection1"> </div>
</div>
<span style="font-size:10.0pt;font-family:"Lucida
Grande"; mso-bidi-font-family:"Times New Roman""><a
href="http://www.liai.org"><span class="GramE"></span></a></span>
<div class="moz-signature">
<div class="WordSection1"> </div>
</div>
</div>
<span style="font-size:10.0pt;font-family:"Lucida Grande";
mso-bidi-font-family:"Times New Roman""><a
href="http://www.liai.org"><span class="GramE"></span></a><o:p></o:p></span>
<div class="moz-signature">
<div class="WordSection1">
</div>
</div>
</body>
</html>