Using freeradius integrated with Active Directory to autenticate cisco passwords

Fernando Coelho cafe.fernando at gmail.com
Fri Feb 1 20:28:25 CET 2008 

Hi All!

I have several cisco routers and would like to authenticate the logins.
For it I am using the following tutorial:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

when I try to authenticate using:

bandeira:/etc/raddb # /usr/bin/ntlm_auth --request-nt-key --username=jonny
--domain=CELULAR
password:
NT_STATUS_OK: Success (0x0)
It works fine. But when I try with:

bandeira:/etc/raddb # /usr/bin/ntlm_auth --request-nt-key --username=jonny
--domain=CELULAR --challenge=6151ad29f27eff47
--nt-response=01e42eabc464bf9915883d804457069d4702d95534ce4d53
Logon failure (0xc000006d)

I does not work.

Also when I try to login in to a router, it shows the log bellow:

rad_recv: Access-Request packet from host 10.131.23.252:1645, id=84,
length=79
        NAS-IP-Address = 10.131.23.252
        NAS-Port = 11
        NAS-Port-Type = Virtual
        User-Name = "jonny"
        Calling-Station-Id = "10.131.23.253"
        User-Password = "xxxxxx"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "jonny", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 163
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: No MS-CHAP-Challenge in the request
  modcall[authenticate]: module "mschap" returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [jonny/xxxxx] (from client 10.131.23.252 port 11 cli
10.131.23.253)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 84 to 10.131.23.252 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 84 with timestamp 47a370cf
Nothing to do.  Sleeping until we see a request.

Could any one help me? Or at least indicate me a how to that works?
I want to authenticate logins in to routers/switchs cisco in a freeradius
integrated with a active directory.

Thank you.

Fernando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080201/684e4aaa/attachment.html>

More information about the Freeradius-Users mailing list