Richard Long wrote:
Hi all, I'm a bit stuck. I've stood up a CentOS server with FreeRADIUS so I can authenticate against Active Directory using a Cisco Wireless Controller. As you can see from the output below, I've got ntlm_auth and radtest working correctly, however, the wireless controller doesn't seem to be passing passwords to FreeRADIUS. I very obviously got something wrong in my setup, but I can't figure out what. I appreciate any help.
Have you followed the documentation? Go to wiki.freeradius.org, and type "active directory" into the search box. Or, read my active directory guide: http://deployingradius.com/documents/configuration/active_directory.html
[root@san-prod-rad-01 /]# ntlm_auth –-request-nt-key –-domain=NOTTELLING --username=mschmidt password: NT_STATUS_OK: Success (0x0)
That doesn't really help.
------------------------------------------------------------------------ [root@san-prod-rad-01 /]# radtest mschmidt ########## 127.0.0.1 0 C@tHelm3t Sending Access-Request of id 155 to 127.0.0.1 port 1812 User-Name = "mschmidt" User-Password = "#######" NAS-IP-Address = 10.X.X.111 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=155, length=20
That doesn't really help, either.
------------------------------------------------------------------------ [root@san-prod-rad-01 ~]# radiusd -X ... rad_recv: Access-Request packet from host 192.168.130.5 port 32768, id=98, length=240 ... EAP-Message = 0x0201000d01616e74686f6e7962
Which is EAP...
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=mschmidt [ntlm_auth] expand: --password=%{User-Password} -> --password= Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exactly. This is documented in great detail. Alan DeKok.