Hello, your password crypt key is used. not become in this ethereal can't recognize.
Auth-Type CHAP { chap }
Auth-Type MS-CHAP { mschap }
you must show the full and state this in the file #ls /etc/raddact #vi radius.conf #vi clients.conf best regards, -- Ozgur Karatas CCNA & Network Engineer Linux System Administrator ozgur (at) ozgurkaratas dot com
----- Original Message ----- From: "Natalia Escalera" <nescalera@gmail.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Subject: Re: Freeradius + Microsoft Active Directory Date: Sat, 25 Feb 2006 11:53:20 -0600
Hello Mr. DeKok
Thank you for the fast response. The password is clear-text. We are using ethereal to debug why we are getting "Operations Error" on the Search Result. The Operation Errors comment is the following: "In order to perform this operation a successful bind must be completed."
The search request on ethereal from Freeradius to the active directory gives the following: Message Type: Search Request Message Length: 96 Response In: 469 Base DN: dc=test, dc=prt Scope: subtree (0x02) Derefence: Never (0x00) Size Limit: 0 Time Limit: 4 Attributes only: False Filter: (&(objectclass=person)(sAMAccountName=%u)) Attribute: uid ????we are not sending this attribute and we do not know where it is specified on Freeradius
Here are the settings given for LDAP module on radius.conf and user file:
#radius.conf ldap { server="xxx.xx.xxx.xxx"
identity ="" # If this is suppose to be the bind dn???
password = "mypassword" basedn ="dc=test,dc=prt"
#filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" filter ="(&(objectclass=person) (sAMAccountName=%u))"
# set this to 'yes' to use TLS encrypted connections # to the LDAP database by using the StartTLS extended # operation. # The StartTLS operation is supposed to be used with normal # ldap connections instead of using ldaps (port 689) connections start_tls = no
# tls_cacertfile = /path/to/cacert.pem # tls_cacertdir = /path/to/ca/dir/ # tls_certfile = /path/to/radius.crt # tls_keyfile = /path/to/radius.key # tls_randfile = /path/to/rnd # tls_require_cert = "demand"
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" # profile_attribute = "radiusProfileDn" access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP # directory attributes. dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout =5 timelimit =4 net_timeout =2 compare_check_items = yes
}
authenticate {
Auth-Type PAP { pap }
Auth-Type CHAP { chap }
Auth-Type MS-CHAP { mschap }
unix
Auth-Type LDAP { ldap }
eap }
#users file DEFAULT Auth-Type := LDAP Fall-Through = 1
Can you please tell us if there is something wrong or if we are missing something on the configuration files?
Thanks in advance, Nataly
On 2/25/06, Alan DeKok <aland@ox.org> wrote:
"Natalia Escalera" <nescalera@gmail.com> wrote:
I am setting up freeradius with Microsoft Active Directory. So far, I am able to connect to the server but not to authenticate a user. Can you please give me a hint of how the configuration files need to be set in order to authenticate the user.
If the RADIUS packets have clear-text passwords, then the normal LDAP module should work. If you're using PEAP or MS-CHAP, read "radiusd.conf",m and use "ntlm_auth".
Also, what is "3D" used for? (Example: server =3D your.ad.server.org ...)
Nothing. It's an artifact of stupid mailers. 3D is ASCII for '='.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+ Version: GnuPG v1.4.2 (GNU/Linux) .-. .-. _ : : : : :_; .-' : .--. : `-. .-. .--. ,-.,-. ' .; :' '_.'' .; :: :' .; ; : ,. : `.__.'`.__.'`.__.':_;`.__,_;:_;:_; Kai "Ozgur" Geek Network Engineer PGP ID: B1B63B6E +-+-+-+ END PGP SIGNATURE +-+-+-+ -- _______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze