Configuring FreeRADIUS to use ntlm_auth
tnt at kalik.co.yu
tnt at kalik.co.yu
Fri Sep 14 17:12:33 CEST 2007
Radtest doesn't do MSCHAP. Use different client:
http://jradius.org/wiki/index.php/JRadiusSimulator
Ivan Kalik
Kalik Informatika ISP
Dana 14/9/2007, "charles at copel.com" <charles at copel.com> piše:
>Ok, Alan:
>
>Thanks ... It works ...
>
>Now I am trying to "Configuring my FreeRadius to use ntlm_auth for
>MS-CHAP" to authenticate my NT users, ok ?
>
>After that I configure the radiusd.conf file with the necessary changes
>(about ntlm_auth), I am trying to test the authenticate with a valid user of my NT Domain
>(by radtest) and the FreeRadius reject it.
>
>The output of my FreeRadius´s console:
>
>[root at FreeRADIUS /usr/local/etc/raddb]# radtest copel\charles password
>localhost 0 testfreeradius
>Sending Access-Request of id 123 to 127.0.0.1 port 1812
> User-Name = "copelcharles"
> User-Password = "password"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
>rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=123, length=20
>
>The complete output of Radiusd -X:
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 127.0.0.1:52444, id=67,
>length=64
> User-Name = "copelcharles"
> User-Password = "password"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry DEFAULT at line 153
> modcall[authorize]: module "files" returns ok for request 0
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
> modcall[authorize]: module "pap" returns noop for request 0
>modcall: leaving group authorize (returns ok) for request 0
> rad_check_password: Found Auth-Type System
>auth: type "System"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
> modcall[authenticate]: module "unix" returns notfound for request 0
>modcall: leaving group authenticate (returns notfound) for request 0
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 67 to 127.0.0.1 port 52444
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 67 with timestamp 46ea9900
>Nothing to do. Sleeping until we see a request.
>rad_recv: Access-Request packet from host 127.0.0.1:50643, id=123,
>length=64
> User-Name = "copelcharles"
> User-Password = "password"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 1
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 1
> users: Matched entry DEFAULT at line 153
> modcall[authorize]: module "files" returns ok for request 1
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
> modcall[authorize]: module "pap" returns noop for request 1
>modcall: leaving group authorize (returns ok) for request 1
> rad_check_password: Found Auth-Type System
>auth: type "System"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
> modcall[authenticate]: module "unix" returns notfound for request 1
>modcall: leaving group authenticate (returns notfound) for request 1
>auth: Failed to validate the user.
>Delaying request 1 for 1 seconds
>Finished request 1
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 123 to 127.0.0.1 port 50643
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 1 ID 123 with timestamp 46ea9dec
>Nothing to do. Sleeping until we see a request.
>
>My samba is ok , I get to authenticate this user by "ntlm_auth" command
>line.
>
>Any Idea ?
>Thanks,
>Charles.
>
>
>
>
>
>Alan DeKok <aland at deployingradius.com>
>Enviado Por: freeradius-users-bounces at lists.freeradius.org
>14/09/2007 10:32
>Favor responder a FreeRadius users mailing list
>
>
> Para: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> cc:
> cco: Charles Alcantara Borba/COPEL
> Assunto: Re: Configuring FreeRADIUS to use ntlm_auth
>
>
>charles at copel.com wrote:
>> After I configure the users file with "user Auth-Type :=
>> ntlm_auth" (for testing purposes only), my FreeRadius don´t start and
>> show the followings errors:
>>
>> /usr/local/etc/raddb/users[1]: Parse error (check) for entry user:
>> Unknown value ntlm_auth for attribute Auth-Type
>
> You also have to list "ntlm_auth" in the "authenticate" section.
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
More information about the Freeradius-Users
mailing list