Hi Fajar,<br>I did read the replies as well as Alan's page. Being a newbie to FR, I actually started with that only. <br><br><div class="gmail_quote">On Sat, Jan 21, 2012 at 7:44 PM, Fajar A. Nugraha <span dir="ltr">&lt;<a href="mailto:list@fajar.net">list@fajar.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Did you REALLY read the replies sent to this list?<br>
Did you REALLY read Alan's page,<br>
<a href="http://deployingradius.com/documents/configuration/active_directory.html" target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a><br>
to the end?<br>
<br></blockquote><div><br>The version of radtest on my system doesn't support the -t option, hence even after doing radtest -h I could not find anything. I settled for the jradius client to achieve the same effect already. I have tried upgrading the package but it's already at the latest version. <br>
<br></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
If yes, you'd know that:<br>
- radtest can send mschap request as well (see 'radtest -h')<br>
</blockquote><div><br>The only changes I have made to the default config are in the inner tunnel or default file. Attaching the same if you may have a look. I have never blamed Alan that his recipe is flawed. <br> </div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
- Alan's page, up to 'Configuring FreeRADIUS to use ntlm_auth',<br>
contains detailed instruction on how to make FR works with AD and pap.<br>
If you can't get it to work, that means you're doing something wrong.<br>
Probably editing some entries you shouldn't, since your ntlm_auth<br>
result is OK (which means samba + AD part is working correctly). It's<br>
perfectly fine to be creative and edit the config file as you see fit,<br>
but ONLY if you know what you're doing. If you're given a recipe, and<br>
choose to stray from it, and messed up, don't blame the guy who<br>
created the recipe.<br>
</blockquote><div><br>The PAP thing is already working fine, as I mentioned earlier, and I have followed every bit of Alan's guide. Would redo things again if it works. <br> </div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
- Also on Alan's page, there's the section 'Configuring FreeRADIUS to<br>
use ntlm_auth for MS-CHAP'. That pretty much answers the last part of<br>
your question, but ONLY if you already got pap working properly.<br></blockquote><div class="h5"> <br>
</div></div><br>Attaching the inner tunnel and default file; please go through the same and point out if something is amiss.<br><br>Default File <br>------------------------------------------------------------------------------<br>
authorize {<br> preprocess<br><br># auth_log<br> chap<br> mschap<br># digest<br># wimax<br># IPASS<br> suffix<br># ntdomain<br> eap {<br> ok = return<br> }<br># unix<br># files<br>
# sql<br> ntlm_auth<br># etc_smbpasswd<br># ldap<br># checkval<br> expiration<br> logintime<br> pap<br> #if(!control:Auth-Type) {<br> #update control {<br> # Auth-Type = "ntlm_auth"<br>
#}<br> #}<br># Autz-Type Status-Server {<br>#<br># }<br>}<br><br>authenticate {<br> Auth-Type NTLM_AUTH {<br> ntlm_auth<br> }<br> Auth-Type PAP {<br> pap<br> }<br> Auth-Type CHAP {<br>
chap<br> }<br> Auth-Type MS-CHAP {<br> mschap<br> }<br># digest<br><br># pam<br># unix<br># Auth-Type LDAP {<br># ldap<br># }<br> eap<br># Auth-Type eap {<br># eap {<br>
# handled = 1 <br># }<br># if (handled && (Response-Packet-Type == Access-Challenge)) {<br># attr_filter.access_challenge.post-auth<br># handled # override the "updated" code from attr_filter<br>
# }<br># }<br>}<br><br>INNER TUNNEL FILE <br>--------------------------------------------------<br>server inner-tunnel {<br><br>#listen {<br># ipaddr = 127.0.0.1<br># port = 18120<br># type = auth<br>
#}<br><br>authorize {<br> chap<br> mschap<br># unix<br># IPASS<br> suffix<br># ntdomain<br> update control {<br> Proxy-To-Realm := LOCAL<br> }<br> eap {<br> ok = return<br> }<br>
files<br> #sql<br> ntlm_auth<br># etc_smbpasswd<br># ldap<br># daily<br># checkval<br> expiration<br> logintime<br> pap<br>}<br><br><br>authenticate {<br> Auth-Type PAP {<br> pap<br>
}<br> Auth-Type CHAP {<br> chap<br> }<br> Auth-Type MS-CHAP {<br> mschap<br> }<br># pam<br> ntlm_auth<br># unix<br># Auth-Type LDAP {<br># ldap<br># }<br> eap<br>}<br>
<br><br clear="all"><br>-- <br><div><div><div>Regards</div></div><div><br></div><div>Dhiraj Gaur </div><div><br></div><div> </div></div><br>