<div dir="ltr">And I also changed eap.conf (default - PEAP and added my certificates)<div><div><span class="" style="white-space:pre">     </span>eap {</div><div><span class="" style="white-space:pre">              </span>default_eap_type = peap</div>
<div><span class="" style="white-space:pre">            </span>timer_expire     = 60</div><div><span class="" style="white-space:pre">              </span>ignore_unknown_eap_types = no</div><div><span class="" style="white-space:pre">              </span>cisco_accounting_username_bug = no</div>
<div><span class="" style="white-space:pre">            </span>max_sessions = 4096</div><div><br></div><div><span class="" style="white-space:pre">               </span>md5 {</div><div><span class="" style="white-space:pre">              </span>}</div><div>
<br></div><div><span class="" style="white-space:pre">              </span>leap {</div><div><span class="" style="white-space:pre">             </span>}</div><div><br></div><div><span class="" style="white-space:pre">         </span>gtc {</div><div><span class="" style="white-space:pre">                      </span>auth_type = PAP</div>
<div><span class="" style="white-space:pre">            </span>}</div><div><br></div><div><span class="" style="white-space:pre">         </span>tls {</div><div><span class="" style="white-space:pre">                      </span>certdir = ${confdir}/certs</div>
<div><span class="" style="white-space:pre">                    </span>cadir = ${confdir}/certs</div><div><span class="" style="white-space:pre">                   </span>private_key_file = /etc/ssl/private/friradius.key</div><div><span class="" style="white-space:pre">                  </span>certificate_file = /etc/ssl/certs/friradius.cer</div>
<div><span class="" style="white-space:pre">                    </span>CA_file = /etc/ssl/certs/cert.cer</div><div><span class="" style="white-space:pre">                  </span>dh_file = ${certdir}/dh</div><div><span class="" style="white-space:pre">                    </span>random_file = /dev/urandom</div>
<div><br></div><div><span class="" style="white-space:pre">                   </span>CA_path = ${cadir}</div><div><span class="" style="white-space:pre">                 </span>cipher_list = "DEFAULT"</div><div><span class="" style="white-space:pre">                  </span>make_cert_command = "${certdir}/bootstrap"</div>
<div><span class="" style="white-space:pre">                    </span>ecdh_curve = "prime256v1"</div><div><br></div><div><span class="" style="white-space:pre">                       </span>cache {</div><div><span class="" style="white-space:pre">                    </span>      enable = no</div>
<div><span class="" style="white-space:pre">                    </span>      lifetime = 24 # hours</div><div><span class="" style="white-space:pre">                        </span>      max_entries = 255</div><div><span class="" style="white-space:pre">                    </span>}</div>
<div><br></div><div><span class="" style="white-space:pre">                   </span>verify {</div><div><span class="" style="white-space:pre">                   </span>}</div><div><br></div><div><br></div><div><span class="" style="white-space:pre">                        </span>ocsp {</div>
<div><span class="" style="white-space:pre">                    </span>      enable = no</div><div><span class="" style="white-space:pre">                  </span>      override_cert_url = yes</div><div><span class="" style="white-space:pre">                      </span>      url = "<a href="http://127.0.0.1/ocsp/">http://127.0.0.1/ocsp/</a>"</div>
<div><span class="" style="white-space:pre">                    </span>}</div><div><span class="" style="white-space:pre">          </span>}</div><div><br></div><div><br></div><div><span class="" style="white-space:pre">                </span>ttls {</div><div>
<span class="" style="white-space:pre">                       </span>copy_request_to_tunnel = yes</div><div><span class="" style="white-space:pre">                       </span>use_tunneled_reply = yes</div><div><span class="" style="white-space:pre">                   </span>virtual_server = "inner-tunnel"</div>
<div><span class="" style="white-space:pre">            </span>}</div><div><br></div><div><span class="" style="white-space:pre">         </span>peap {</div><div><span class="" style="white-space:pre">                     </span>default_eap_type = mschapv2</div>
<div><span class="" style="white-space:pre">                    </span>copy_request_to_tunnel = yes</div><div><span class="" style="white-space:pre">                       </span>use_tunneled_reply = yes</div><div><span class="" style="white-space:pre">                   </span>virtual_server = "inner-tunnel"</div>
<div><span class="" style="white-space:pre">            </span>}</div><div><span class="" style="white-space:pre">          </span>mschapv2 {</div><div><span class="" style="white-space:pre">         </span>}</div><div><span class="" style="white-space:pre">  </span>}</div>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-04-10 13:57 GMT+02:00 Rado Matisko <span dir="ltr">&lt;<a href="mailto:rado.matisko2@gmail.com" target="_blank">rado.matisko2@gmail.com</a>&gt;</span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, I want to set up my FR to connect to AD, which is on another host.<div>I was following this tutorial : <a href="http://deployingradius.com/documents/configuration/active_directory.html" target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a></div>

<div><br><div>I configured smb.conf and then krb5.conf and then this works great :</div><div><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">ntlm_auth --request-nt-key --domain=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">MYDOMAIN</b><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"> --username=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">user</b><span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"> --password=</span><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">password</b><br>

</div><div><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"><br></b></div><div><b style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px"><div>

root@friradius:/# ntlm_auth --request-nt-key --domain=FRI --username=hajtmanek --password=&lt;password&gt; </div><div>NT_STATUS_OK: Success (0x0)</div><div><br></div></b></div><div>Then I configured FR : </div><div>> commented "files" in sites-available/default and inner-tunnel and added <span style="color:rgb(64,64,64);font-family:courier;font-size:11px;line-height:18.239999771118164px">ntlm_auth in authorize section</span></div>

<div>> changed <span style="color:rgb(64,64,64);font-family:monospace;font-size:12px;line-height:18.239999771118164px">/modules/ntlm_auth</span></div><div><br></div><div><br></div><div>After running <b>radtest</b> I get this debug :</div>

<div><div># Executing section authorize from file /etc/freeradius/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div>

<div>++[digest] returns noop</div><div>[suffix] No '@' in User-Name = "eduroam", looking up realm NULL</div><div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div>

<div>++[eap] returns noop</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.</div>

<div>++[pap] returns noop</div><div>ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user</div><div>Failed to authenticate the user.</div><div>Login incorrect: [eduroam] (from client localhost port 0)</div>

<div>Using Post-Auth-Type Reject</div><div># Executing group from file /etc/freeradius/sites-enabled/default</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] <span style="white-space:pre-wrap">       </span>expand: %{User-Name} -> eduroam</div>

<div>attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div></div><div><br></div><div><br></div><div>Apparently I'm missing something, but I tried to follow the tutorial.</div>

<div><br></div><div><br></div><div><br><div><br></div></div></div></div>
</blockquote></div><br></div>