<div dir="ltr">Hi there!<br><br>First of all, I'd like to thank everybody in this forum for the help you provide. This forum has been very helpful for me in order to deploy and make my FreeRADIUS server work.<br><br><div>
However, I'm facing a config problem that I couldn't solve just by searching on this forum. So, I need a little bit of help with it.<br><br>I'm running FreeRADIUS Version 2.2.0 and I've managed to make the server work to authenticate users against our AD. I'm using ntlm_auth + mschap + ldap. Everything works fine with domain users. I have no problem.</div>
<div><br>I use the ldap module in order to authenticate just some users inside specific groups and also to assign the VLAN dynamically.<br><br>The issue comes when I try to authenticate users from a different domain. I highlight that both domains share a trust relationship.<br>
I read on the forum that just configuring the NTLM module by adding the trusted domain would work, but for the moment, it doesn't work.<br><br>I'll show you part of my config for this purpose: <br><br>NTLM_AUTH Module:</div>
<div><br></div><div><div>exec ntlm_auth {</div><div> wait = yes</div><div> program = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} --domain=%{%{mschap:NT-Domain}:-MAIN-DOMAIN} --domain=%{%{mschap:NT-Domain}:-TRUSTED-DOMAIN}--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</div>
<div>}</div><br></div><div>If I exec the command: <br><br><div>ntlm_auth --request-nt-key --domain=TRUSTED-DOMAIN --username=USER-TRUSTED-DOMAIN --password=********</div><div>NT_STATUS_OK: Success (0x0)<br><br>As you can see, the ntlm module works. However, when the request comes through the radius I get a prompt from the ldap module saying "object (user) not found". <br>
<br>This is the error from the debug output:<br><br><div>[ldap] object not found</div><div>rlm_ldap::ldap_groupcmp: search failed<br><br><br>The user from the trusted domain is inside the same group as users from my domain. The ldap search works for a user from my domain, but fails when it tries to search for a user from the trusted domain. <br>
<br>I guess the problem lies in the ldap module. However, I don't fully understand where the config problem can be.</div></div></div><div><br><br>Any help would be appreciated very much.<br><br><br>Thank you so much in advance. And have a great day!<br>
</div>
</div>