FreeRadius+AD integration
shrikant Bhat
shrikabhat at gmail.com
Mon Apr 23 12:40:44 CEST 2007
I tried with the following in the authenticate section:
Auth-Type ntlm_auth {
    mschap    **** am not sure about the protocol I need to use here
}
I have attached the debug window output
******************************************************************************************************
rad_recv: Access-Request packet from host 127.0.0.1:32928, id=202, length=57
User-Name = "raduser"
User-Password = "radpass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "raduser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 214
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type ntlm_auth
auth: type "ntlm_auth"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: No MS-CHAP-Challenge in the request
modcall[authenticate]: module "mschap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
***************************************************************************************
All I want to do is authenticate my Cisco device logins using ADS ID
and password.
I am a novice to RADIUS, please help.
thank you
regards
sb
On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> shrikant Bhat wrote:
> > Hi,
> > I am trying to integrate freeradius with ADS 2003. I referred to
> > http://deployingradius.com/documents/configuration/active_directory.html.
> > Everything works perfectly fine till ( $ ntlm_auth --request-nt-key
> > --domain=*MYDOMAIN* --username=*user* --password=*password*) I get
> > NT_STATUS_OK. I don't see NT_KEY output. I made changes to exec module
> > in radius.conf as per the instructions, but radtest fails with
> > Access-Reject. I have attached the debug window output for reference.
>
> You did not add the "ntlm_auth" entry to the "authenticate" section,
> as the web page says.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
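
The debug output in the message above can be read mechanically. The following is an added example, not part of the original thread and not FreeRADIUS code: it parses debug lines in the format shown and reports which authentication method the request carried and which authenticate-section module rejected it. The function name `diagnose` and the result keys are hypothetical; the sample lines are copied from the post.

```python
import re

# Lines copied from the debug output quoted in the post above (trimmed).
SAMPLE_DEBUG = '''\
rad_recv: Access-Request packet from host 127.0.0.1:32928, id=202, length=57
User-Name = "raduser"
User-Password = "radpass"
modcall[authorize]: module "mschap" returns noop for request 0
modcall[authorize]: module "files" returns ok for request 0
rad_check_password: Found Auth-Type ntlm_auth
rlm_mschap: No MS-CHAP-Challenge in the request
modcall[authenticate]: module "mschap" returns reject for request 0
'''

ATTR_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*) = ')
MODCALL_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE_RE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')

# Request attribute that identifies each authentication method, checked in order.
METHOD_MARKERS = [("MS-CHAP-Challenge", "mschap"), ("CHAP-Password", "chap"),
                  ("EAP-Message", "eap"), ("User-Password", "pap")]

def diagnose(debug_text):
    """Summarise one request from debug output in the format shown above."""
    attrs, auth_type, rejected = set(), None, []
    for line in debug_text.splitlines():
        if (m := AUTH_TYPE_RE.search(line)):
            auth_type = m.group(1)
        elif (m := MODCALL_RE.search(line)):
            section, module, result = m.groups()
            if section == "authenticate" and result == "reject":
                rejected.append(module)
        elif (m := ATTR_RE.match(line)):
            attrs.add(m.group(1))
    method = next((name for attr, name in METHOD_MARKERS if attr in attrs), None)
    # A challenge-response module that rejects a request sent with a different
    # method never had the attributes it needs, so the password was not tested.
    mismatched = [mod for mod in rejected
                  if mod in ("mschap", "chap", "eap") and mod != method]
    return {"auth_type": auth_type, "method": method,
            "rejected_by": rejected, "mismatched_modules": mismatched}

if __name__ == "__main__":
    print(diagnose(SAMPLE_DEBUG))
```

On the sample lines it reports a PAP request (`User-Password`, no `MS-CHAP-Challenge`) rejected by the `mschap` module under `Auth-Type ntlm_auth`.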