Authentification using MS-CHAP with Active Directory
Hi everybody, My project have changed, and I should use Active Directory instead of mysql for authentication because we use AD for user's domain administration. My server can join the domain but my problem is that ms-chap does'nt do anything during radtest. here is the result when i run radiusd -X the module is linked *module mschap* Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-CELTELMG} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } After the Ready to process requests, I run # radtest testuser testuser localhost 0 pass and here but mschap isn't used : rad_recv: Access-Request packet from host 127.0.0.1 port 45703, id=64, length=60 User-Name = "testuser" User-Password = "testuser" NAS-IP-Address = xxxxxxxx NAS-Port = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop Anyone could help me please!
Noro Hasina wrote:
Hi everybody, My project have changed, and I should use Active Directory instead of mysql for authentication because we use AD for user's domain administration. My server can join the domain but my problem is that ms-chap does'nt do anything during radtest.
Because you're not sending it a packet containing MS-CHAP. See http://deployingradius.com/documents/configuration/active_directory.html Alan DeKok.
Hi! Thank you for your answer Alan. I've already read this tuto and I follow it, but I don't understand what you mean.by sending packet? What request should I do I did $ radtest testrad testrad localhost 0 radsecret which testrad is an user in the active directory.
participants (2)
-
Alan DeKok -
Noro Hasina