Hi Ivan: I did what you recommended but it didn´t work. The output of my FreeRadius (radiusd -X) was : Ready to process requests. rad_recv: Access-Request packet from host 10.4.3.248:32768, id=97, length=65 User-Name = "copel\\charles" User-Password = "password" Service-Type = Authenticate-Only NAS-IP-Address = 200.195.147.120 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "copel\charles", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 97 to 10.4.3.248 port 32768 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 97 with timestamp 46ee867a Nothing to do. Sleeping until we see a request. Any idea ? Best Regards, Charles. <tnt@kalik.co.yu> Enviado Por: freeradius-users-bounces@lists.freeradius.org 14/09/2007 16:48 Favor responder a FreeRadius users mailing list Para: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> cc: cco: Charles Alcantara Borba/COPEL Assunto: Re: Configuring FreeRADIUS to use ntlm_auth Auth-Type System is coming from the DEFAULT entry towards the end of users file. Comment it out. Ivan Kalik Kalik Informatika ISP Dana 14/9/2007, "charles@copel.com" <charles@copel.com> pi?e:
Alan:
Now I am trying to "Configuring my FreeRadius to use ntlm_auth for MS-CHAP" to authenticate my NT users, ok ?
The page does document that. ==> I am trying to following this document.
After that I configure the radiusd.conf file with the necessary changes (about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain (by radtest) and the FreeRadius reject it.
radtest doesn't do MS-CHAP. The page tries to make this clear. ==> Sorry ... but I hadn´t understood it (I thought that just radclient doesn´t work). Now I know that radtest too ...
The output of my FreeRadius´s console: .... rad_check_password: Found Auth-Type System
You've done rather a lot more than just add "ntlm_auth" to the "authenticate" section. This means that the config that previously worked... now doesn't work. ==> I think this configuration is original (FreeRadius instalation´s). Because, in the previous test this configuration was already there. And the previous test works (Configuring FreeRADIUS to use ntlm_auth)!
Go back to using the working configuration, and use a client that does MS-CHAP. This usually means trying a real login, without using "radtest" or "radclient". ==> I tried to use the working configuration with a real login, but the behavior is the same, it appears the message that you mencioned: "rad_check_password: Found Auth-Type System"
Can you help me ? Best Regards, Charles.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Esta mensagem e seus anexos foram verificados por software anti-vírus. Recomenda-se que no sejam abertos e/ou executados anexos de mensagens de conteúdo ou remetente duvidoso.