Radtest doesn't do MSCHAP. Use different client: http://jradius.org/wiki/index.php/JRadiusSimulator Ivan Kalik Kalik Informatika ISP Dana 14/9/2007, "charles@copel.com" <charles@copel.com> piše:
Ok, Alan:
Thanks ... It works ...
Now I am trying to "Configuring my FreeRadius to use ntlm_auth for MS-CHAP" to authenticate my NT users, ok ?
After that I configure the radiusd.conf file with the necessary changes (about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain (by radtest) and the FreeRadius reject it.
The output of my FreeRadius´s console:
[root@FreeRADIUS /usr/local/etc/raddb]# radtest copel\charles password localhost 0 testfreeradius Sending Access-Request of id 123 to 127.0.0.1 port 1812 User-Name = "copelcharles" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=123, length=20
The complete output of Radiusd -X:
Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:52444, id=67, length=64 User-Name = "copelcharles" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 67 to 127.0.0.1 port 52444 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 67 with timestamp 46ea9900 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:50643, id=123, length=64 User-Name = "copelcharles" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 modcall[authenticate]: module "unix" returns notfound for request 1 modcall: leaving group authenticate (returns notfound) for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 123 to 127.0.0.1 port 50643 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 123 with timestamp 46ea9dec Nothing to do. Sleeping until we see a request.
My samba is ok , I get to authenticate this user by "ntlm_auth" command line.
Any Idea ? Thanks, Charles.
Alan DeKok <aland@deployingradius.com> Enviado Por: freeradius-users-bounces@lists.freeradius.org 14/09/2007 10:32 Favor responder a FreeRadius users mailing list
Para: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> cc: cco: Charles Alcantara Borba/COPEL Assunto: Re: Configuring FreeRADIUS to use ntlm_auth
charles@copel.com wrote:
After I configure the users file with "user Auth-Type := ntlm_auth" (for testing purposes only), my FreeRadius don´t start and show the followings errors:
/usr/local/etc/raddb/users[1]: Parse error (check) for entry user: Unknown value ntlm_auth for attribute Auth-Type
You also have to list "ntlm_auth" in the "authenticate" section.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html