ntlm_auth commandline ok, radius not ok
Völker, Christian
Christian.Voelker at qsc.de
Tue Nov 8 14:05:12 CET 2005
Yohoo!
I have a (for me) strange problem with ntlm_auth.
I want to use freeradius as a proxy for authentication against ActiveDirectory. So I've installed winbind. "wbinfo -u" and "wbinfo -g" show me the user and group lists. Nice :)
I've configured freeradius like Alan DeKok showed in his posting from Tue Jul 12 18:33:05 CEST 2005:
-----------snip---------------
modules {
    ...
    exec win_domain {
        wait = yes
        input_pairs = request
        output_pairs = reply
        program = "ntlm_auth --username=\"%{User-Name}\" --password=\'%{User-Password}\' --domain=mydomain"
    }
    ...
}
Now list "win_domain" in the "authenticate" section, and add the
following entry to the "users" file:
DEFAULT Auth-Type = win_domain
-----------snip---------------
When I start ntlm_auth on command line:
server:/# /usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=mydomain
NT_STATUS_OK: Success (0x0)
All is ok. :)
Trying the same with radtest:
ldaptest02:/etc/raddb# radtest "_web" 'XXXXX!' localhost 10 testing123
Sending Access-Request of id 75 to 127.0.0.1:1812
        User-Name = "_web"
        User-Password = "XXXXX!"
        NAS-IP-Address = ldaptest
        NAS-Port = 10
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=75, length=20
Nothing is ok :-(
Logfiles:
-----------snip---------------
Nov 8 13:58:57 ldaptest radiusd: modcall: group authorize returns ok for request 8
Nov 8 13:58:57 ldaptest radiusd: rad_check_password: Found Auth-Type win_domain
Nov 8 13:58:57 ldaptest radiusd: auth: type "win_domain"
Nov 8 13:58:57 ldaptest radiusd: Processing the authenticate section of radiusd.conf
Nov 8 13:58:57 ldaptest radiusd: modcall: entering group Auth-Type for request 8
Nov 8 13:58:57 ldaptest radiusd: radius_xlat: '/usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=central'
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: /usr/bin/ntlm_auth --username='_webman' --password='XXXXX!' --domain=central
Nov 8 13:58:57 ldaptest radiusd: Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
Nov 8 13:58:57 ldaptest radiusd: Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: returned: 1
Nov 8 13:58:57 ldaptest radiusd: rlm_exec (win_domain): External script failed
Nov 8 13:58:57 ldaptest radiusd: modcall[authenticate]: module "win_domain" returns fail for request 8
-----------snip---------------
The line in the log is the same as the one I enter on the command line. Why is the answer different?
Thanks for your help and/or ideas for solving the problem!
Greets from Germany
Christian