On Sep 3, 2017, at 1:12 PM, Jarett DeAngelis <jarett@bioteam.net> wrote:
I am trying to set up FreeRADIUS such that it can authenticate users for OpenVPN via Active Directory and pass a challenge back for a one-time passcode for two-factor authentication. Step one is getting AD authentication working, which appears to work fine when I do an ntlm_auth check except that FreeRADIUS denies the login. Can someone help me figure out what I’m doing wrong?
Follow my guide: http://deployingradius.com/documents/configuration/active_directory.html It will work.
Here is a log of a radtest login: ... +group authorize { ++[preprocess] = ok [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=fakeuser [ntlm_auth] expand: --password=%{User-Password} -> --password=fakepassword Exec output: NT_STATUS_OK: Success (0x0) Exec plaintext: NT_STATUS_OK: Success (0x0) [ntlm_auth] Exec: program returned: 0
That's nice, but it doesn't tell the server that the user has been authenticated.
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user.
That should tell you something's wrong. Follow the guide. It will work. Alan DeKok.