Configuring FreeRADIUS to use ntlm_auth

charles at copel.com charles at copel.com
Fri Sep 14 16:52:29 CEST 2007 

Ok, Alan:

Thanks ... It works ...

Now I am trying to "Configuring my FreeRadius to use ntlm_auth for 
MS-CHAP" to authenticate my NT users, ok ?

After that I configure the radiusd.conf file with the necessary changes 
(about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain 
(by radtest) and the FreeRadius reject it.

The output of my FreeRadius´s console:

[root at FreeRADIUS /usr/local/etc/raddb]# radtest copel\charles password 
localhost 0 testfreeradius
Sending Access-Request of id 123 to 127.0.0.1 port 1812
        User-Name = "copelcharles"
        User-Password = "password"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=123, length=20

The complete output of Radiusd -X:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:52444, id=67, 
length=64
        User-Name = "copelcharles"
        User-Password = "password"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user. 
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 67 to 127.0.0.1 port 52444
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 67 with timestamp 46ea9900
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:50643, id=123, 
length=64
        User-Name = "copelcharles"
        User-Password = "password"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user. 
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  modcall[authenticate]: module "unix" returns notfound for request 1
modcall: leaving group authenticate (returns notfound) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 123 to 127.0.0.1 port 50643
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 123 with timestamp 46ea9dec
Nothing to do.  Sleeping until we see a request.

My samba is ok , I get to authenticate this user by "ntlm_auth" command 
line.

Any Idea ?
Thanks,
Charles.





Alan DeKok <aland at deployingradius.com>
Enviado Por: freeradius-users-bounces at lists.freeradius.org
14/09/2007 10:32
Favor responder a FreeRadius users mailing list

 
        Para:   FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
        cc: 
        cco:    Charles Alcantara Borba/COPEL
        Assunto:        Re: Configuring FreeRADIUS to use ntlm_auth


charles at copel.com wrote:
> After I configure the users file with  "user          Auth-Type :=
> ntlm_auth" (for testing purposes only), my FreeRadius don´t start and
> show the followings errors:
> 
> /usr/local/etc/raddb/users[1]: Parse error (check) for entry user:
> Unknown value ntlm_auth for attribute Auth-Type

  You also have to list "ntlm_auth" in the "authenticate" section.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070914/3daf64bc/attachment.html>

More information about the Freeradius-Users mailing list