FreeRadius with NTLM

Jaygopal Upadhyay Jaygopal.Upadhyay at Sierraatlantic.com
Wed Oct 26 09:26:16 CEST 2005


Hello,

I feel my samba configuration is fine as I am able to use ntlm_auth
--username=username --domain=domainname and get it authenticated. But
through radius I am not able to get authenticated. Below is the log when a
request is received by the radius server. Can anyone guide me to correct the
problem?

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.159.186:1031, id=8, length=260
        Message-Authenticator = 0x13b3b93f61a42974560bd934ea94ed07
        Service-Type = Framed-User
        User-Name = "DOMAINNAME\\username"
        Framed-MTU = 1488
        State = 0xf4e76dd53f28774073c9ffd19f060b3d
        Called-Station-Id = "00-13-46-70-50-54:SierraAtlantic"
        Calling-Station-Id = "00-13-CE-24-AB-DC"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020800261900170301001b5521adc1357e0251337f314c5568e0fe5404c4fc59106c97739780
        NAS-IP-Address = 192.168.159.186
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 26
  modcall[authorize]: module "preprocess" returns ok for request 26
  modcall[authorize]: module "chap" returns noop for request 26
  modcall[authorize]: module "mschap" returns noop for request 26
    rlm_realm: No '@' in User-Name = "DOMAINNAME\username", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 26
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 26
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 26
modcall: group authorize returns updated for request 26
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 26
modcall: group authenticate returns invalid for request 26
auth: Failed to validate the user.
Delaying request 26 for 1 seconds
Finished request 26
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.159.186:1031, id=8, length=260
Sending Access-Reject of id 8 to 192.168.159.186:1031
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---     

Regards,
Jaygopal.
-----Original Message-----
From: Alan DeKok [mailto:aland at ox.org] 
Sent: Tuesday, October 25, 2005 10:20 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius with NTLM 

Jaygopal Upadhyay <Jaygopal.Upadhyay at sierraatlantic.com> wrote:
> Can anyone provide me with steps on how to configure FreeRadius to use samba
> and allow access to WI-FI to valid domain users?

  Read radiusd.conf.  Look for "ntlm_auth".

  Read samba's documentation to see how to configure it.

  Alan DeKok.