First, thanks Alan for your help, I managed to make it work with AD. Now I want to try to test to make EAP-TTLS with PAP to authenticate users in domain. I saw this link
http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-March/msg00417.html
So I added following lines to modules section of radiusd.conf
exec ntlm_auth_pap {
wait = yes
input_pairs = request
shell_escape = yes
output = none
program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE
--password=%{User-Password}"
}
and I edited /etc/freeradius/sites-available/default file and /etc/freeradius/sites-enabled/default, section authenticate to
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "testuser"
User-Password = "testuserpass"
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "testuser"
User-Password = "testuserpass"
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
SSL: Removing session 963d9312e7948dc613d384208137728dce44b3071923bb0c257aeaf9229a1a95 from the cache
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
If someone can help, that would be great. Thanks once again for your help with my previous question folks, I really appreciate it.