Sorry about the "unreadable".... so, for the guide: all works ... and this "$ radtest -t mschap bob hello localhost 0 testing123 --> OK" is working great succefull: My problem is when "the laptop" does send "domain\user and pass" ... to the radius..... (again, user pass works great) Here is the freeradius -X better layout and readibility rad_recv: Access-Request packet from host 10.2.103.17 port 59985, id=177, length=173 User-Name = "galaxy\\test" NAS-Identifier = "44d9e7fc21c1" NAS-Port = 0 Called-Station-Id = "46-D9-E7-FD-21-C1:FreeRadius" Calling-Station-Id = "00-1E-65-22-14-C2" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x027300100167616c6178795c74657374 Message-Authenticator = 0x3d46f71089cc7034c3a6636b891a17af# Executing section authorize from file /etc/freeradius/sites-enabled/default+group authorize {++[preprocess] = ok[ntdomain] Looking up realm "galaxy" for User-Name = "galaxy\test"[ntdomain] Found realm "GALAXY"[ntdomain] Adding Stripped-User-Name = "test"[ntdomain] Adding Realm = "GALAXY"[ntdomain] Authentication realm is LOCAL.++[ntdomain] = ok[suffix] Request already proxied. Ignoring.++[suffix] = ok++[chap] = noop++[mschap] = noop++[digest] = noop[suffix] Request already proxied. Ignoring.++[suffix] = ok[eap] EAP packet type response id 115 length 16[eap] No EAP Start, assuming it's an on-going EAP conversation++[eap] = updated++[files] = noop++[expiration] = noop++[logintime] = noop[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.++[pap] = noop+} # group authorize = updatedFound Auth-Type = EAP# Executing group from file /etc/freeradius/sites-enabled/default+group authenticate {[eap] EAP Identity[eap] processing type tls[tls] Initiate[tls] Start returned 1++[eap] = handled+} # group authenticate = handledSending Access-Challenge of id 177 to 10.2.103.17 port 59985 EAP-Message = 0x017400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf1d729faf1a330fa1233dbe164274a4fFinished request 1.Going to the next requestWaking up in 4.9 seconds. Again, sorry, it was my first post ... ;-) Thanks
Subject: Re: FreeRadius - Wifi - Active directory (Eap-Peap-MSCHAP) From: aland@deployingradius.com Date: Thu, 5 May 2016 17:14:13 -0400 To: pierre@milkanet.be; freeradius-users@lists.freeradius.org
On May 5, 2016, at 5:07 PM, Milka Net <pierre_dejong@hotmail.com> wrote:
Hello, I am trying to set a freeradius authentification against a MS Active directory for Wifi.
Follow my guide:
http://deployingradius.com/documents/configuration/active_directory.html
all went right: - debian in AD - net ads testjoin- wbinfo -a test- /usr/bin/ntlm_auth --request-nt-key --domain=DOM --username=u1 --password=thepassord So basically: authenticating with a AD user is really fine.... even from a "windows 7" laptop is fine, AS LONG as i get prompt for the user/pass, and that I enter it in the form or USER/PASS When i try to use the "automatic", so that it's the "laptop" that sends the credential, it does not work: it does send it as: DOMAIN\\USER. domain: galaxy.privuser: test here is the freeradius -X output.
Which is mangled and unreadable.
Would you guys have any things i could test? Any advice would be welcome !
Follow my guide, and it will work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html