RE: AD authentication
Hi Charles, I already have defined NTLM Security policy for my Domain Controller security settings. But Still getting the same error message. Can you please specify the local domain controller policies with settings which should be enabled for Freeradius server to authenticate. Thanks & Regards Varun Marwah CONFIDENTIALITY NOTICE This e-mail transmission and any documents, files, or previous e-mail messages appended or attached to it, may contain information that is confidential or legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, printing, distribution, or use of the information contained or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender by telephone (+91-172-2299137) or return e-mail message (vmarwah@quark.com) and delete the original transmission, its attachments, and any copies without reading or saving in any manner. Thank you. -----Original Message----- From: charles schwartz [mailto:charles.schwartz@umail.univ-metz.fr] Sent: Monday, November 28, 2005 10:51 PM To: freeradius-users@lists.freeradius.org Cc: Varun Marwah Subject: Re: AD authentication Hi, If the wbinfo command does not work, ntlm_auth won't work too.
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
This error indicates that something went wrong with the domain access. Try to troubleshoot by using wbinfo -g or wbinfo -u. With these commands you should be able to list the users and groups of your domain. There may be a problem with NTLM on your Windows2003 server. Note thath NTLM was the authentication protocol used by earlier version of Windows. It is still supported for backward compatibility, but can be disabled. By default, Win2k and 2003 use Kerberos for authentication. You might have a security policy thats restricts the use of NTLM on your network. Check your GPO if NTLM is allowed to be transmitted across the network. Regards, Charles Schwartz
Hi,
I used the document freeRadius_AD_tutorial.pdf for configuring a linux
box to get authenticated through users in Windows 2003 AD.
I used the command net join -U Administrator to add the machine to the
domain. It gave successful results. Now on typing the command
wbinfo -a checkad%Quark_123
I got the following results:-
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user checkad%Quark_123 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Could not authenticate user checkad with challenge/response
Also, on giving the command
# ntlm_auth --request-nt-key --domain=india.quark.com --username=
checkad
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc00000da)
[root@Radius etc]#
I get the above stated error. Please help.
Thanks & Regards
Varun Marwah
CONFIDENTIALITY NOTICE
This e-mail transmission and any documents, files, or previous e-mail
messages appended or attached to it, may contain information that is
confidential or legally privileged. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
printing, distribution, or use of the information contained or attached
to this transmission is STRICTLY PROHIBITED. If you have received this
transmission in error, please immediately notify the sender by telephone
(+91-172-2299137) or return e-mail message (vmarwah@quark.com
<mailto:vmarwah@quark.com> ) and delete the original transmission, its
attachments, and any copies without reading or saving in any manner.
Thank you.
-- This message has been scanned for viruses and dangerous content by Quark Anti Virus, and is believed to be clean.
Hello all! can anyone help me out with a template for the file hints as well as huntgroups? as far as i know those files are not needed if the accounting is done via sql. i still have got issues if i try disable the preprocessing for those files. anyone got any sugestions for me ? Greetings TAG BAHAYA NETWORKS (Siam Ltd.)
tagmail@gmx wrote:
Hello all!
can anyone help me out with a template for the file hints as well as huntgroups?
as far as i know those files are not needed if the accounting is done via sql.
i still have got issues if i try disable the preprocessing for those files.
anyone got any sugestions for me ?
Greetings TAG BAHAYA NETWORKS (Siam Ltd.)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Template and examples can be found in the directory you untar'ed the source in raddb/hints and raddb/huntgroups. If you don't utilize hints or huntgroups you can probably (depending on your NAS) safely remove preprocesses from the authorize and preacct blocks in radiusd.conf. As an alternative, you could leave radiusd.conf alone and comment out or delete all lines in hints and huntgroups. Chris Carver
participants (3)
-
Christopher Carver -
tagmail@gmx -
Varun Marwah