Freeradius How to integrate Active Directory [AD Integration WindowsXP NTLM Tutorial]
Robin Mordasiewicz
rmordasiewicz at samuelmanutech.com
Wed Nov 23 00:37:14 CET 2005
On Tue, 22 Nov 2005, charles schwartz wrote:
> Hi list,
>
> A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
>
> There are at least 2 ways to integrate AD: LDAP and NTLM.
> I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
>
> You can download it from here:
> http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf
>
Thanks for this. I changed to use /dev/random as per your tutorial, but
radiusd hangs. When I change the random_file back to the original, it
works:
random_file = ${raddbdir}/certs/random
In my tls section of eap.conf I have:
tls {
    private_key_password = whatever
    private_key_file = ${raddbdir}/certs/cert-srv.pem
    CA_file = ${raddbdir}/certs/demoCA/cacert.pem
    dh_file = ${raddbdir}/certs/dh
    random_file = /dev/random
}
But when I run radiusd -X it just hangs there after getting to the
following:
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/dev/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
And strace shows:
13519 open("/etc/freeradius/certs/demoCA/cacert.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=1350, ...}) = 0
13519 open("/etc/freeradius/certs/cert-srv.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, ...}) = 0
13519 open("/etc/freeradius/certs/cert-srv.pem", O_RDONLY|O_LARGEFILE) = 6
13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, ...}) = 0
13519 stat64("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), ...}) = 0
13519 open("/dev/random", O_RDONLY) = 6
[root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/random
crw-rw-rw- 1 root root 1, 8 Nov 2 12:02 /dev/random
[root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/urandom
cr--r--r-- 1 root root 1, 9 Nov 2 12:02 /dev/urandom
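
Added example, not part of the original post or the tutorial: on Linux kernels of that period a read from /dev/random blocks while the kernel's entropy estimate is too low, whereas /dev/urandom does not block. The sketch below pulls random_file out of an eap.conf-style file and checks whether a short read from it completes within a time limit. The function names and the sample config are constructed for illustration, and GNU `timeout` (exit status 124 on expiry) is assumed.

```shell
#!/bin/sh
# Added diagnostic sketch; not FreeRADIUS code. Function names are hypothetical.

# Constructed sample mirroring the tls block quoted in the post.
sample_conf() {
    printf '%s\n' 'tls {' \
        '    dh_file = ${raddbdir}/certs/dh' \
        '    #random_file = ${raddbdir}/certs/random' \
        '    random_file = /dev/random' \
        '}'
}

# Read an eap.conf-style file on stdin and print its random_file value,
# expanding ${raddbdir} to $1. Commented-out lines are skipped; taking the
# first match is a simplifying assumption.
random_file_from_conf() {
    sed -n 's/^[[:space:]]*random_file[[:space:]]*=[[:space:]]*//p' |
        head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s|\${raddbdir}|$1|"
}

# Try to read $3 bytes (default 32) from $1 within $2 seconds (default 2).
# Prints ok, would_block or error; returns 0 only for ok.
probe_random_source() {
    [ -r "$1" ] || { echo error; return 2; }
    timeout "${2:-2}" head -c "${3:-32}" "$1" >/dev/null 2>&1
    case $? in
        0)   echo ok ;;
        124) echo would_block; return 1 ;;  # GNU timeout: the read never finished
        *)   echo error; return 2 ;;
    esac
}

# Usage: sh probe.sh /etc/freeradius/eap.conf /etc/freeradius
if [ "$#" -eq 2 ]; then
    src=$(random_file_from_conf "$2" < "$1")
    echo "random_file   = $src"
    # Kernel's current entropy estimate, where the kernel exposes it.
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        echo "entropy_avail = $(cat /proc/sys/kernel/random/entropy_avail)"
    fi
    echo "probe         = $(probe_random_source "$src")"
fi
```

A `would_block` result for the configured random_file, alongside `ok` for /dev/urandom, means any process that reads that file at startup will wait until the kernel has gathered more entropy.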