<div dir="ltr">Hi I want to set up my FR to connect to AD, which is on another host.<div>I was following this tutorial : <a href="http://deployingradius.com/documents/configuration/active_directory.html">http://deployingradius.com/documents/configuration/active_directory.html</a></div>
<div><br><div>I configured smb.conf and then krb5.conf and then this works great :</div><div><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">ntlm_auth --request-nt-key --domain=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">MYDOMAIN</b><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"> --username=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">user</b><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"> --password=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">password</b><br>
</div><div><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"><br></b></div><div><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"><div>
root@friradius:/# ntlm_auth --request-nt-key --domain=FRI --username=hajtmanek --password=<password> </div><div>NT_STATUS_OK: Success (0x0)</div><div><br></div></b></div><div>Then I configured FR : </div><div>> commented "files" in sites-available/default and inner-tunnel and added <span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">ntlm_auth in authorize section</span></div>
<div>> changed <span style="color:rgb(64,64,64);font-family:monospace;font-size:12px;line-height:18.239999771118164px">/modules/ntlm_auth</span></div><div><br></div><div><br></div><div>After running <b>radtest</b> I get this debug :</div>
<div><div># Executing section authorize from file /etc/freeradius/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div>
<div>++[digest] returns noop</div><div>[suffix] No '@' in User-Name = "eduroam", looking up realm NULL</div><div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div>
<div>++[eap] returns noop</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div>
<div>++[pap] returns noop</div><div>ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user</div><div>Failed to authenticate the user.</div><div>Login incorrect: [eduroam] (from client localhost port 0)</div>
<div>Using Post-Auth-Type Reject</div><div># Executing group from file /etc/freeradius/sites-enabled/default</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] <span class="" style="white-space:pre"> </span>expand: %{User-Name} -> eduroam</div>
<div>attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div></div><div><br></div><div><br></div><div>Apparently I'm missing something but tried to follow tutorial.</div>
<div><br></div><div><br></div><div><br><div><br></div></div></div></div>