Re: Configuring FreeRADIUS to use ntlm_auth
Alan: I think that I did just some changes describes in the document with the files: the users file: it is original (I delete the testing entry used "user Auth-Type := ntlm_auth"); the radisud.conf file: it is original with following changes: 1) the command "ntlm_auth" in the "authenticate" section; 2) the command "ntlm_auth" in the "modules" section: ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Any idea ? Thanks. Charles. Alan DeKok <aland@deployingradius.com> Enviado Por: freeradius-users-bounces@lists.freeradius.org 16/09/2007 10:17 Favor responder a FreeRadius users mailing list Para: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> cc: cco: Charles Alcantara Borba/COPEL Assunto: Re: Configuring FreeRADIUS to use ntlm_auth charles@copel.com wrote:
radtest doesn't do MS-CHAP. The page tries to make this clear. ==> Sorry ... but I hadn´t understood it (I thought that just radclient doesn´t work). Now I know that radtest too ...
radtest is just a shell script wrapper around radclient.
You've done rather a lot more than just add "ntlm_auth" to the "authenticate" section. This means that the config that previously worked... now doesn't work. ==> I think this configuration is original (FreeRadius instalation´s). Because, in the previous test this configuration was already there. And the previous test works (Configuring FreeRADIUS to use ntlm_auth)!
It's either the original FreeRADIUS config, or the one you modified to get the previous test to work. Which one is it?
==> I tried to use the working configuration with a real login, but the behavior is the same, it appears the message that you mencioned: "rad_check_password: Found Auth-Type System"
Yes... because your configuration for THIS test is not the same as for the LAST test.
Can you help me ?
Believe me, I'm trying. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
charles@copel.com wrote:
I think that I did just some changes describes in the document with the files: the users file: it is original (I delete the testing entry used "user Auth-Type := ntlm_auth");
Which is why it's not using ntlm_auth for authentication.
the radisud.conf file: it is original with following changes: ...
And the server hasn't been told *how* to authenticate users. It either needs to be told what the "known good" password is, OR it needs to be told who else on the network can authenticate the user. Alan DeKok.
Hi,
I think that I did just some changes describes in the document with the files: the users file: it is original (I delete the testing entry used "user Auth-Type := ntlm_auth"); the radisud.conf file: it is original with following changes: 1) the command "ntlm_auth" in the "authenticate" section; 2) the command "ntlm_auth" in the "modules" section: ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
err, for part 2 you HAVE TO MODIFY the path! /path/to/ntlm_auth wont work unless in a very strange set of circumstances you have a root directory called /path in which you have a directiry called 'to' and you've compiled your SAMBA to drop its binaries into that! eg /usr/local/bin/ntlm_auth is probably far more realistic! alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
charles@copel.com