Using freeradius v1.1.1 on a RHEL 4 box trying to authenticate users against Windows 2003 Active directory. I was able to bind linux box to Windows domain successfully and able to read the active directory users and groups using wbinfo - u R1\Administrator R1\Guest and wbinfo -g. Using ntlm_auth tool am able to successfully authenticate the users too. -bash-3.00# ntlm_auth --request-nt-key --username=kartthikr password: NT_STATUS_OK: Success (0x0) But while using radtest tool with the same logon credentials as above it rejects the user and here is the log message. But I didnt find logon success failure in AD when i checked event viewer. rad_recv: Access-Request packet from host 127.0.0.1:32927, id=243, length=61 User-Name = "<removed>" User-Password = "<removed>" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "<removed>", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 156 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Sending Access-Reject of id 243 to 127.0.0.1 port 32927 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 243 with timestamp 45413139 Nothing to do. Sleeping until we see a request. Here is nss config file: passwd: files winbind shadow: files winbind group: files winbind hosts: files winbind nis dns protocols: files winbind # nis services: files winbind # nis netgroup: files winbind # nis automount: files winbind nis Here is radiusd.conf file: modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP #use_mppe = no require_encryption = yes #require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } So aint sure what am i missed here, any help will be appreciated.
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Karthik R