HI, I have a big problem that seams dont have solution. I have a openser server that should autenticated the users from Active Directory trough the FreeRadius. The session of FreeRadius and Active Directory is stablished, but when the user try autenticate, its dont work. See the debug of Radius: radius_xlat: 'ou=bli,dc=blo,dc=blu,dc=br' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=bli,dc=blo,dc=blu,dc=br, with filter (uid=jab) rlm_ldap: object not found or got ambiguous search result <---------- rlm_ldap: search failed <----------! rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 47 <---------- modcall: leaving group authorize (returns ok) for request 47 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 47 rlm_digest: Configuration item "User-Password" or MD5-Password is required for authentication. <---------- essa linha!!! modcall[authenticate]: module "digest" returns invalid for request 47 <---------- modcall: leaving group authenticate (returns invalid) for request 47 auth: Failed to validate the user. <---------- I see in some tutorials show how authenticate in a domain to use one tool called ntlm_auth, but it seams that only work with the mschap protocol, and the openser uses the digest. What to do? Any ideia? Its necessarily to do some configuration in the users or another files? Thanks.. --------------------------------- Você quer respostas para suas perguntas? Ou você sabe muito e quer compartilhar seu conhecimento? Experimente o Yahoo! Respostas!
Artur Hayne <arturhayne@yahoo.com.br> wrote:
I have a big problem that seams dont have solution. I have a openser server that should autenticated the users from Active Directory trough the FreeRadius. The session of FreeRadius and Active Directory is stablished, but when the user try autenticate, its dont work.
Active Directory does not supply clear-text passwords to FreeRADIUS. In many cases, Active Directory doesn't *have* the clear-text passwords. Digest authentication is impossible when the passwords are in Active Directory. Sorry.
I see in some tutorials show how authenticate in a domain to use one tool called ntlm_auth, but it seams that only work with the mschap protocol, and the openser uses the digest.
Yes. ntlm_auth will not help you.
What to do? Any ideia?
Use another database, like OpenLDAP or MySQL. Active Directory is responsible for making Digest authentication impossible.
Its necessarily to do some configuration in the users or another files?
No. There is NOTHING you can do except use another database. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Artur Hayne