FreeRadius + ntlm_auth + blank character in the NT group name
charles at copel.com
charles at copel.com
Fri Oct 5 14:30:18 CEST 2007
Hi:
I need to Configure my FreeRadius to authenticate NT users in a
determinate NT Group that has a "blank character" in the name.
My NT Group name is "COPEL\Acesso Remoto".
When I execute the "ntlm_auth" program in the command line: it works. The
command line is below:
[root at FreeRADIUS /usr/local/etc/raddb]# ntlm_auth
--require-membership-of='COPEL\Acesso Remoto' --request-nt-key
--domain=COPEL --username=radius --password=radius
NT_STATUS_OK: Success (0x0)
[root at FreeRADIUS /usr/local/etc/raddb]#
When I configure the "ntlm_auth" program in the radiusd.conf, my
FreeRadius show the followings messages:
...
auth: type "win_domain"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
radius_xlat: '--username=radius'
radius_xlat: '--password=radius'
[2007/10/05 09:10:42, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
Winbindd lookupname failed to resolve 'COPEL\Acesso Remoto' into a SID!
Exec-Program output:
Exec-Program: returned: 1
rlm_exec (win_domain): External script failed
modcall[authenticate]: module "win_domain" returns fail for request 0
modcall: leaving group authenticate (returns fail) for request 0
auth: Failed to validate the user.
Login incorrect: [radius/radius] (from client cerberus2 port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 239 to 10.4.3.248 port 32795
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 239 with timestamp 470629c2
Nothing to do. Sleeping until we see a request.
My FreeRadius don´t get to find the NT group. It sounds like problem when
FreeRadius find the "blank character" in the name of group.
My environment is: FreeBSD 6.2 + Samba 3.0.24 + freeradius 1.1.6
Any Idea ?
Best Regards,
Charles.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071005/50b2a458/attachment.html>
More information about the Freeradius-Users
mailing list