Beating a dead horse, or freeradius 2.1.1 and active directory
Ben Little
BLittle at skylight.com
Thu Dec 4 20:05:46 CET 2008
Well I'll be a son of a gun :-)
It worked! Awesome, thanks a ton. OK, now to see if I can make my silly switch work with this authentication! Alan, if you're reading this, you should add the inner-tunnel addition to the howto.
Now I just have to figure out the authorization piece of the puzzle and I'll be golden.
Thanks
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 53912, id=223, length=57
User-Name = "rtest"
User-Password = "SEKRAT"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "rtest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry rtest at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ntlm_auth
+- entering group authenticate {...}
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=rtest
[ntlm_auth] expand: --password=%{User-Password} -> --password=SEKRAT
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 223 to 127.0.0.1 port 53912
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 223 with timestamp +19
Ready to process requests.
> -----Original Message-----
> From: freeradius-users-bounces+blittle=skylight.com at lists.freeradius.org [mailto:freeradius-users-bounces+blittle=skylight.com at lists.freeradius.org] On Behalf Of tnt at kalik.net
> Sent: Thursday, December 04, 2008 10:35 AM
> To: FreeRadius users mailing list
> Subject: RE: Beating a dead horse, or freeradius 2.1.1 and active directory
>
> >Here is the first line in the users file
> >
> >(quotes removed)
> >rtest Auth-Type := ntlm_auth
> >
> >And here is the error that generates:
> >
> >/etc/raddb/users[1]: Parse error (check) for entry rtest: Unknown value ntlm_auth for attribute Auth-Type Errors reading /etc/raddb/users
> >/etc/raddb/modules/files[7]: Instantiation failed for module "files"
> >/etc/raddb/sites-enabled/inner-tunnel[110]: Failed to find module "files".
> >/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section.
> > }
> >}
> >Errors initializing modules
> >
>
> OK. The howto needs updating. Freeradius in the default configuration
> has default and inner-tunnel virtual servers. You should add
> ntlm_auth to the authenticate section of both (not just default,
> as in the howto). This issue is probably going to be resolved
> with a virtual-server-specific users file, but at present, if
> Auth-Type is listed in the users file, it has to exist in all
> enabled virtual servers.
>
> So, add ntlm_auth to the authenticate section of the inner-tunnel
> virtual server and leave the user entry without quotes.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
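The constraint Ivan describes (an Auth-Type named in the users file must be listed in the authenticate section of every enabled virtual server, default and inner-tunnel alike) is easy to check before restarting radiusd. The script below is an added example for this thread, not FreeRADIUS's own tooling; USERS, DEFAULT and INNER are constructed samples that reproduce the situation in the thread, with ntlm_auth present only in default.

```python
"""Check the constraint from the thread: every Auth-Type named in the users
file must be listed in the authenticate section of every enabled virtual server."""
import re

# Matches the check item "Auth-Type := ntlm_auth" (or "== ...", quoted or not).
AUTH_TYPE_RE = re.compile(r'Auth-Type\s*[:=]=\s*"?([A-Za-z0-9_-]+)"?')

def auth_types_in_users(text):
    """Auth-Type values from users-file check items (the unindented first lines)."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if line and not line[0].isspace():      # reply items are indented
            m = AUTH_TYPE_RE.search(line)
            if m:
                found.add(m.group(1))
    return found

def authenticate_modules(text):
    """Module names and Auth-Type sub-sections directly inside authenticate { }."""
    mods, depth, in_auth = set(), 0, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not in_auth:
            in_auth = bool(re.match(r"authenticate\s*\{", line))
            depth = 1 if in_auth else 0
            continue
        sub = re.match(r"Auth-Type\s+([A-Za-z0-9_-]+)\s*\{", line)
        if depth == 1 and sub:
            mods.add(sub.group(1))              # e.g. "Auth-Type PAP { pap }"
        elif depth == 1 and re.fullmatch(r"[A-Za-z0-9_-]+", line):
            mods.add(line)                      # bare module name, e.g. ntlm_auth
        depth += line.count("{") - line.count("}")
        in_auth = depth > 0
    return mods

def missing_auth_types(users_text, servers):
    """Per virtual server, the users-file Auth-Types it cannot satisfy."""
    needed = auth_types_in_users(users_text)
    return {name: sorted(needed - authenticate_modules(cfg))
            for name, cfg in servers.items()}

# Constructed samples mirroring the thread: ntlm_auth added to default only.
USERS = 'rtest\tAuth-Type := ntlm_auth\n\tReply-Message = "ok"\n'
DEFAULT = "authenticate {\n\tAuth-Type PAP {\n\t\tpap\n\t}\n\tntlm_auth\n\teap\n}\n"
INNER = "authenticate {\n\tAuth-Type PAP {\n\t\tpap\n\t}\n\tmschap\n\teap\n}\n"

if __name__ == "__main__":
    print(missing_auth_types(USERS, {"default": DEFAULT, "inner-tunnel": INNER}))
```

Against a real tree, feed it the contents of /etc/raddb/users and of each file in /etc/raddb/sites-enabled; any non-empty list is a server that will fail with the "Unknown value ... for attribute Auth-Type" error shown above.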