Freeradius How to integrate Active Directory [AD Integration WindowsXP NTLM Tutorial]
Bohannan, Chad W
Chad_Bohannan at reyrey.com
Fri Dec 2 18:46:47 CET 2005
We were able to move past this particular problem. For anyone who may
have a similar issue...
Port 512 (tcp & udp for EZEC service) needs to be allowed in addition to
the standard 137-139, 445, & 389. So if you are running TCP wrappers or
iptables, make certain it is allowed...
cheers
-----Original Message-----
From: Bohannan, Chad W
Sent: Thursday, December 01, 2005 11:27 AM
To: 'charles schwartz'; 'FreeRadius users mailing list'
Subject: RE: Freeradius How to integrate Active Directory [AD
Integration WindowsXP NTLM Tutorial]
Hello,
I am attempting to have FR authenticate administrative access
for my Cisco gear against AD. The problem I am having is this. When I
attempt to join the realm <<net ads join -U UID>> the command appears
successful and from the AD side, the system has joined (visible in AD),
however the process hangs on the FR side. If I stop the process and
reissue the command, I get the following output and the process again
hangs:
[2005/12/01 11:08:36, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for rws-radius01 already exists -
modifying old account
<<ntlm_auth --request-nt-key --domain=mydomain --username= \myuid>>
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc00000da)
<<wbinfo -a UID%PASSWD>>
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user UID%PASSWD with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Could not authenticate user UID with challenge/response
I am sure there is something simple I have overlooked, but I am unable
to find it at this point. Any suggestions would be much appreciated.
Chad
-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of
charles schwartz
Sent: Tuesday, November 22, 2005 11:28 AM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius How to integrate Active Directory [AD Integration
WindowsXP NTLM Tutorial]
Hi list,
A lot of people on this list would like to integrate Active Directory
with FreeRADIUS in order to provide a transparent user authentication
login process.
There are at least 2 ways to integrate AD: LDAP and NTLM.
I've written a tutorial about how to do this with NTLM (winbind,
ntlm_auth). The Windows supplicants are configured to work with PEAP and
MSCHAPv2.
You can download it from here:
http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf
Good luck!
Regards,
Charles Schwartz