freeradius and ntlm_auth howto

Stieven.Struyf at komatsu.eu
Fri Oct 27 10:54:10 CEST 2006


All,
I finally got it working, but not yet as I want.
The trick that made it work is setting auth-type := MSCHAPv2 for the 
user(s), and I also started radiusd as root (I changed the rights to 
radiusd without success, but once everything is working I will try to run 
again as the radiusd user).

If I connect my user(s) with username at realm it works, 
but if I use realm\username the realm is found but no ntlm is used (and 
authentication fails).

Below you find an extract from the debug where you can see that the 
correct realm is found. Do I need some options?
(BTW, I need this to work because automatic logon to the wifi from Windows 
XP with Windows credentials is in this format.)

modcall[authorize]: module "kmt-eu.kmtg.net" returns noop for request 69
    rlm_realm: Looking up realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"
    rlm_realm: Found realm "KMT-EU.KMTG.NET"
    rlm_realm: Adding Stripped-User-Name = "sstruyf"
    rlm_realm: Proxying request from user sstruyf to realm KMT-EU.KMTG.NET
    rlm_realm: Adding Realm = "KMT-EU.KMTG.NET"
    rlm_realm: Authentication realm is LOCAL.


Stieven Struyf
M.I.S. Division - System Operations 
Komatsu Europe International NV
Mechelsesteenweg 586
B-1800 Vilvoorde
Stieven.Struyf at komatsu.eu
Tel. +32 (0)2 2552551

freeradius-users-bounces+stieven.struyf=komatsu.eu at lists.freeradius.org 
wrote on 10/26/2006 05:05:44 PM:

> Stieven.Struyf at komatsu.eu wrote:
> > I am trying to authenticate my wifi users via our AD. I'm finding bits and
> > pieces on the internet to configure things, but no completely usable
> > howto.
> 
>   What's missing from any of the HOWTO's?  There's some on the Wiki,
> and one on my site.
> 
> > Exec-Program-Wait: plaintext: winbind client not authorized to use 
> > winbindd_pam_auth_crap.  Ensure permissions on 
> > /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
> 
>   You're running the server as non-root, and the programs it executes
> don't run as root, so they don't have permissions to read that
> directory.  Make the server run as root, or fix the permissions.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
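
Added example, not part of the thread: a shell check for the permission problem on the winbindd_privileged directory described in the quoted reply, for use before moving radiusd back to a non-root account. The function name check_winbindd_priv is hypothetical, and the script assumes GNU stat and that the directory is expected to be mode 750 with access granted through its owning group.

```shell
#!/bin/sh
# Added example, not from the thread. check_winbindd_priv is a hypothetical
# helper: it reports whether an account can reach winbindd's privileged pipe
# directory through the directory's owning group.
# Assumptions: GNU stat; the directory is expected to be mode 750.
#
# Usage: check_winbindd_priv DIR [USER]   (USER defaults to the calling account)
#   e.g. check_winbindd_priv /var/cache/samba/winbindd_privileged radiusd
check_winbindd_priv() {
    dir=$1
    user=${2:-}

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    mode=$(stat -c '%a' "$dir") || return 2   # octal permission bits
    gid=$(stat -c '%g' "$dir") || return 2    # numeric owning group

    # Numeric group ids of the account under test.
    if [ -n "$user" ]; then
        gids=$(id -G "$user") || { echo "FAIL: unknown user $user"; return 2; }
    else
        gids=$(id -G)
    fi

    # Anything other than 750 either locks the group out or opens the
    # directory to accounts that should not reach the privileged pipe.
    if [ "$mode" != "750" ]; then
        echo "FAIL: $dir has mode $mode, expected 750"
        return 1
    fi

    for g in $gids; do
        if [ "$g" = "$gid" ]; then
            echo "OK: ${user:-current account} is in gid $gid, which owns $dir"
            return 0
        fi
    done

    echo "FAIL: ${user:-current account} is not in gid $gid, which owns $dir"
    return 1
}
```

A group-membership FAIL corresponds to the "fix the permissions" option in the quoted reply: give the daemon account membership of the owning group rather than loosening the directory mode.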