AD authentication

Varun Marwah vmarwah at quark.com
Tue Nov 29 06:13:33 CET 2005


Hi Charles,

I have already defined an NTLM security policy in my Domain Controller
security settings, but I am still getting the same error message.

Can you please specify the local domain controller policies with
settings which should be enabled for the FreeRADIUS server to authenticate?

Thanks & Regards

Varun Marwah

CONFIDENTIALITY NOTICE

This e-mail transmission and any documents, files, or previous e-mail
messages appended or attached to it, may contain information that is
confidential or legally privileged. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
printing, distribution, or use of the information contained or attached
to this transmission is STRICTLY PROHIBITED. If you have received this
transmission in error, please immediately notify the sender by telephone
(+91-172-2299137) or return e-mail message (vmarwah at quark.com) and
delete the original transmission, its attachments, and any copies
without reading or saving in any manner. Thank you.

-----Original Message-----
From: charles schwartz [mailto:charles.schwartz at umail.univ-metz.fr] 
Sent: Monday, November 28, 2005 10:51 PM
To: freeradius-users at lists.freeradius.org
Cc: Varun Marwah
Subject: Re: AD authentication

Hi,

If the wbinfo command does not work, ntlm_auth won't work either.

> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

This error indicates that something went wrong with the domain access.
Try to troubleshoot by using wbinfo -g or wbinfo -u.
With these commands you should be able to list the users and groups of
your domain.

There may be a problem with NTLM on your Windows 2003 server.
Note that NTLM was the authentication protocol used by earlier versions
of Windows.
It is still supported for backward compatibility, but can be disabled.
By default, Win2k and 2003 use Kerberos for authentication.

You might have a security policy that restricts the use of NTLM on your
network.
Check your GPO if NTLM is allowed to be transmitted across the network.

Regards,

Charles Schwartz

> Hi,
>
> I used the document freeRadius_AD_tutorial.pdf for configuring a linux
> box to get authenticated through users in Windows 2003 AD.
>
> I used the command net join -U Administrator to add the machine to the
> domain. It gave successful results. Now on typing the command
>
> wbinfo -a checkad%Quark_123
>
> I got the following results:-
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user checkad%Quark_123 with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Could not authenticate user checkad with challenge/response
>
> Also, on giving the command
>
> # ntlm_auth --request-nt-key --domain=india.quark.com --username=checkad
> password:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> (0xc00000da)
> [root at Radius etc]#
>
> I get the above stated error. Please help.
>
> Thanks & Regards
>
> Varun Marwah

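Added example, not part of the original thread: the reply's advice (get wbinfo working before testing ntlm_auth) written as an ordered pre-check that reports the first winbind stage that fails. The function name and stage labels are made up for this sketch, and it assumes the default backslash winbind separator; `wbinfo -t`, `-u` and `-g` are standard Samba options.

```shell
#!/bin/sh
# Added example (not from the thread). Runs the winbind checks in
# dependency order and prints the first stage that fails, or "ok".
# Assumption: DOMAIN\user naming (default "winbind separator").

# usage: winbind_first_failure <username>
winbind_first_failure() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')

    # 1. Machine account secret created by "net join".
    if ! wbinfo -t >/dev/null 2>&1; then
        echo "trust-secret"; return 1
    fi

    # 2. User enumeration (wbinfo -u). An error or an empty list means
    #    winbindd cannot query the domain controller.
    users=$(wbinfo -u 2>/dev/null) || { echo "list-users"; return 1; }
    [ -n "$users" ] || { echo "list-users"; return 1; }

    # 3. Group enumeration (wbinfo -g).
    grps=$(wbinfo -g 2>/dev/null) || { echo "list-groups"; return 1; }
    [ -n "$grps" ] || { echo "list-groups"; return 1; }

    # 4. The account under test must be visible through winbind.
    #    Strip any DOMAIN\ prefix and compare case-insensitively.
    if ! printf '%s\n' "$users" | sed 's/^.*\\//' | tr 'A-Z' 'a-z' \
            | grep -qxF -- "$want"; then
        echo "user-not-listed"; return 1
    fi

    # Only at this point is an ntlm_auth test meaningful.
    echo "ok"
}
```

Run `winbind_first_failure checkad` on the RADIUS host as root; any result other than `ok` points at the winbind stage to fix before retrying ntlm_auth.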
