Reveal MAP
revealmapp at yahoo.fr
Tue Jul 15 18:22:26 CEST 2008
Thank you Ivan for the response.
yes, i first supplied the entired output of radiusd -X, but the mail was too long and was expected to be moderate. so i cut it. I will try to send a mschap request and see.
------
ntlm_auth is in mschap module and you are sending a pap request. Test
with mschap (or real peap user). BTW that's not " the entire output of
RADIUSD -X." It's radtest output.
Ivan Kalik
Kalik Informatika ISP
Dana 15/7/2008, "Reveal MAP" <revealmapp at yahoo.fr> piše:
>Hello list!
>
>after
>i succeed creating my CA, (thanks a lot sergio), i encounter a new
>problem with Active Directory integration! i succeded it with help of
>this mailing list a couple of week ago, but in FR-2.0.2.
>
>Now i use FR-2.0.5.
>I
>followed the HOWTO, so ntlm_auth and winbind authenticate successfully.
>i didn't take a look at winbind_priviledge yet, but, when i try to
>authenticate with a user of existing in active Directory (using
>radtest), it just reject the user without no more message (taht i could
>interpretate to find what is missing).
>
>
>
>i set in /etc/raddb/module/mschap that lines:
>----------------------------------------------------------------------------------------------
>mschap {
> use_mppe = yes
> #require_encryption = yes
> #require_strong = yes
> with_ntdomain_hack = yes
>
>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>--username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00}
>--nt-response=%{mschap:NT-Response:-00}"
>}
>
>but still noticed this line on the ouput too (at radiusd -X startup):
>----------------------------------------------------------------------------------------------
>Module: Linked to sub-module rlm_eap_mschapv2
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no //shouldn't it be yes instead of no here?
>-------------------------------------------------------------------------------------------------
>
>
>here is the entire output of RADIUSD -X. thanx for help:
>--------------------------------------------------------------------------------------------
>aaa:~ # radtest glouglou glouglou localhost 1812 testing123
>Sending Access-Request of id 74 to 127.0.0.1 port 1812
> User-Name = "glouglou"
> User-Password = "glouglou"
> NAS-IP-Address = 127.0.0.2
> NAS-Port = 1812
>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=74, length=20
>--------------------------------------------------------------------------------------------
>
>
>
> _____________________________________________________________________________
>Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoofr
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080715/76dac258/attachment.html>
More information about the Freeradius-Users
mailing list