Re: Configuring FreeRADIUS to use ntlm_auth
Hi Ivan: I did what you recommended but it didn´t work. The output of my FreeRadius (radiusd -X) was : Ready to process requests. rad_recv: Access-Request packet from host 10.4.3.248:32768, id=97, length=65 User-Name = "copel\\charles" User-Password = "password" Service-Type = Authenticate-Only NAS-IP-Address = 200.195.147.120 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "copel\charles", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 97 to 10.4.3.248 port 32768 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 97 with timestamp 46ee867a Nothing to do. Sleeping until we see a request. Any idea ? Best Regards, Charles. <tnt@kalik.co.yu> Enviado Por: freeradius-users-bounces@lists.freeradius.org 14/09/2007 16:48 Favor responder a FreeRadius users mailing list Para: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> cc: cco: Charles Alcantara Borba/COPEL Assunto: Re: Configuring FreeRADIUS to use ntlm_auth Auth-Type System is coming from the DEFAULT entry towards the end of users file. Comment it out. Ivan Kalik Kalik Informatika ISP Dana 14/9/2007, "charles@copel.com" <charles@copel.com> pi?e:
Alan:
Now I am trying to "Configuring my FreeRadius to use ntlm_auth for MS-CHAP" to authenticate my NT users, ok ?
The page does document that. ==> I am trying to following this document.
After that I configure the radiusd.conf file with the necessary changes (about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain (by radtest) and the FreeRadius reject it.
radtest doesn't do MS-CHAP. The page tries to make this clear. ==> Sorry ... but I hadn´t understood it (I thought that just radclient doesn´t work). Now I know that radtest too ...
The output of my FreeRadius´s console: .... rad_check_password: Found Auth-Type System
You've done rather a lot more than just add "ntlm_auth" to the "authenticate" section. This means that the config that previously worked... now doesn't work. ==> I think this configuration is original (FreeRadius instalation´s). Because, in the previous test this configuration was already there. And the previous test works (Configuring FreeRADIUS to use ntlm_auth)!
Go back to using the working configuration, and use a client that does MS-CHAP. This usually means trying a real login, without using "radtest" or "radclient". ==> I tried to use the working configuration with a real login, but the behavior is the same, it appears the message that you mencioned: "rad_check_password: Found Auth-Type System"
Can you help me ? Best Regards, Charles.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Esta mensagem e seus anexos foram verificados por software anti-vírus. Recomenda-se que no sejam abertos e/ou executados anexos de mensagens de conteúdo ou remetente duvidoso.
charles@copel.com wrote:
The output of my FreeRadius (radiusd -X) was : ... auth: No authenticate method (Auth-Type) configuration found for the
You are not following the directions in the web page you claim to be reading. You DID have it working at one point. The debug log you posted showed it working. However, when you went to try the *next* thing, you also broke the configuration you had working. Start from a default configuration, and follow the web page. It really isn't that hard. You've already done it. Alan DeKok.
participants (2)
-
Alan DeKok -
charles@copel.com