On Jun 22, 2020, at 12:33 PM, Tim Young <Tim.Young@LightSys.org> wrote:
As per some help from some of you all, I nuked the previous config and walked through configuring from scratch. I am getting a bit farther, but still have some issues. I am now testing through an eduroam web-sign-in, where the actual main requests will come from. It appears to successfully authenticate via ntlm_auth, but then rejects me.
OK.
The below is an entirely different config than I had originally posted. I have done a search/replace on the user/domain/password just because I do not like dumping that info onto the internet.
Sure.
... (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) [files] = noop (1) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=my.domain.edu --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} --password=%{User-Password}: (1) ntlm_auth: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} (1) ntlm_auth: --> --username=mytextusername (1) ntlm_auth: EXPAND --password=%{User-Password} (1) ntlm_auth: --> --password=mypassinplaintext (1) ntlm_auth: Program returned code (0) and output 'NT_STATUS_OK: The operation completed successfully. (0x0)' (1) ntlm_auth: Program executed successfully (1) [ntlm_auth] = ok
Why is ntlm_auth listed in the "authorize" section? My guide is pretty clear on where it goes: http://deployingradius.com/documents/configuration/active_directory.html Alan DeKok.