Freeradius + Microsoft Active Directory

Kai Geek kaigeek at linuxmail.org
Sat Feb 25 19:04:27 CET 2006


Hello,
your password crypt key is used. not become in this ethereal can't recognize.


> 	Auth-Type CHAP {
> 		chap
> 	}
> 
> 	
> 	Auth-Type MS-CHAP {
> 		mschap
> 	}


you must show the full and state this in the file
#ls /etc/raddact
#vi radius.conf
#vi clients.conf

best regards,

--
Ozgur Karatas
CCNA & Network Engineer
Linux System Administrator
ozgur (at) ozgurkaratas dot com

> ----- Original Message -----
> From: "Natalia Escalera" <nescalera at gmail.com>
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Subject: Re: Freeradius + Microsoft Active Directory
> Date: Sat, 25 Feb 2006 11:53:20 -0600
> 
> 
> Hello Mr. DeKok
> 
> Thank you for the fast response.  The  password is clear-text.  We are
> using ethereal to debug why we are getting "Operations Error" on the
> Search Result.  The Operation Errors comment is the following:
> "In order to perform this operation a successful bind must be completed."
> 
> The search request on ethereal from Freeradius to the active directory
> gives the following:
> Message Type: Search Request
> Message Length:  96
> Response In: 469
> Base DN: dc=test, dc=prt
> Scope: subtree (0x02)
> Derefence: Never (0x00)
> Size Limit: 0
> Time Limit: 4
> Attributes only: False
> Filter: (&(objectclass=person)(sAMAccountName=%u))
> Attribute: uid ????we are not sending this attribute and we do not
> know where it is specified on Freeradius
> 
> Here are the settings given for LDAP module on radius.conf and user file:
> 
> #radius.conf
> ldap {
> 		server="xxx.xx.xxx.xxx"
> 		
> 		identity ="" # If this is suppose to be the bind dn???
> 		
> 		password = "mypassword"
> 		basedn ="dc=test,dc=prt"
> 
> 		#filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> 		filter ="(&(objectclass=person) (sAMAccountName=%u))"
> 
> 		# set this to 'yes' to use TLS encrypted connections
> 		# to the LDAP database by using the StartTLS extended
> 		# operation.
> 		# The StartTLS operation is supposed to be used with normal
> 		# ldap connections instead of using ldaps (port 689) connections
> 		start_tls = no
> 
> 		# tls_cacertfile	= /path/to/cacert.pem
> 		# tls_cacertdir		= /path/to/ca/dir/
> 		# tls_certfile		= /path/to/radius.crt
> 		# tls_keyfile		= /path/to/radius.key
> 		# tls_randfile		= /path/to/rnd
> 		# tls_require_cert	= "demand"
> 
> 		# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> 		# profile_attribute = "radiusProfileDn"
> 		access_attr = "dialupAccess"
> 
> 		# Mapping of RADIUS dictionary attributes to LDAP
> 		# directory attributes.
> 		dictionary_mapping = ${raddbdir}/ldap.attrmap
> 
> 		ldap_connections_number = 5
> 
> 		
> 		timeout =5
> 		timelimit =4
> 		net_timeout =2
> 		compare_check_items = yes
> 		
> 	}
> 
> authenticate {
> 	
> 	Auth-Type PAP {
> 		pap
> 	}
> 
> 	
> 	Auth-Type CHAP {
> 		chap
> 	}
> 
> 	
> 	Auth-Type MS-CHAP {
> 		mschap
> 	}
> 
> 	
> 	unix
> 
> 	
> 	
> 	Auth-Type LDAP {
> 		ldap
> 	}
> 
> 	
> 	eap
> }
> 
> #users file
> 	DEFAULT Auth-Type := LDAP
> 	Fall-Through = 1
> 
> Can you please tell us if there is something wrong or if we are
> missing something on the configuration files?
> 
> Thanks in advance,
> Nataly
> 
> On 2/25/06, Alan DeKok <aland at ox.org> wrote:
> > "Natalia Escalera" <nescalera at gmail.com> wrote:
> > > I am setting up freeradius with Microsoft Active Directory. So far, I
> > > am able to connect to the server but not to authenticate a user. Can
> > > you  please give me a hint of how the configuration files need to be
> > > set in order to authenticate the user.
> >
> >  If the RADIUS packets have clear-text passwords, then the normal
> > LDAP module should work.  If you're using PEAP or MS-CHAP, read
> > "radiusd.conf", and use "ntlm_auth".
> >
> > > Also, what is "3D" used for? (Example: server =3D your.ad.server.org ...)
> >
> >  Nothing.  It's an artifact of stupid mailers.  3D is ASCII for '='.
> >
> >  Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> 



+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)

Kai "Ozgur" Geek
Network Engineer
PGP ID: B1B63B6E
+-+-+-+ END PGP SIGNATURE +-+-+-+
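
Added example, not part of the original thread and not FreeRADIUS code: a small Python check over the ldap { } block quoted above. It flags an empty `identity` (the module then binds anonymously, and Active Directory answers searches on an anonymous connection with the "successful bind must be completed" error quoted in the thread) and `start_tls = no` (simple binds then cross the network unencrypted). The finding codes and function names are hypothetical, the sample is constructed from the quoted settings, and nested sub-blocks and ldaps are not handled.

```python
import re

# Constructed sample: the ldap{} settings quoted in the thread, trimmed.
SAMPLE = '''
ldap {
    server="xxx.xx.xxx.xxx"
    identity ="" # If this is suppose to be the bind dn???
    password = "mypassword"
    basedn ="dc=test,dc=prt"
    filter ="(&(objectclass=person) (sAMAccountName=%u))"
    start_tls = no
    # tls_require_cert = "demand"
}
'''

def parse_ldap_block(text):
    """Return {key: value} for the uncommented 'key = value' lines in ldap { }."""
    block = re.search(r'^\s*ldap\s*\{(.*?)^\s*\}', text, re.S | re.M)
    settings = {}
    for line in (block.group(1).splitlines() if block else []):
        kv = re.match(r'\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))', line)
        if kv:  # comment lines start with '#', so they never match \w+
            settings[kv.group(1)] = kv.group(2) if kv.group(2) is not None else kv.group(3)
    return settings

def audit(settings):
    """Return hypothetical finding codes for bind and transport settings."""
    findings = []
    if not settings.get('identity'):
        # Empty bind DN: the module binds anonymously before searching.
        findings.append('anonymous-bind')
        if settings.get('password'):
            findings.append('password-without-identity')
    if settings.get('start_tls', 'no').lower() != 'yes':
        # Simple binds (service account and each user) cross the wire unencrypted.
        findings.append('cleartext-ldap')
    elif settings.get('tls_require_cert', '').lower() != 'demand':
        # StartTLS without certificate verification does not authenticate the server.
        findings.append('tls-cert-not-required')
    return findings

if __name__ == '__main__':
    for code in audit(parse_ldap_block(SAMPLE)):
        print(code)
```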

