Freeradius 2.0 with Activedirectory Integration Failed
Andy Ng
nding at hotmail.com
Mon Nov 10 08:22:17 CET 2008
Anders Holm-3 wrote:
>
> You have two errors to fix...
>
> This;
>
>>>>
>>>>
>>>> /usr/local/etc/raddb/users[1]: Parse error (check) for entry
>>>> DEFAULT:
>>>> Unknown value ntlm_auth for attribute Auth-Type
>
> And this:
>
>>>> Errors reading /usr/local/etc/raddb/users
>>>> /usr/local/etc/raddb/modules/files[7]: Instantiation failed for
>>>> module
>>>> "files"
>>>> /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find
>> module
>>>> "files".
>>>> /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing
>>>> authorize section.
>>>> }
>>>> }
>>>> Errors initializing modules
>>>>
>>>> It seems like it require an external ntlm_auth to execute, rather
>>>> than one
>>>> that is embedded in MSCHAP module.
>>>>
>>>
>>> Well, yes. You said you were following the instructions in
>>>
>>> http://deployingradius.com/documents/configuration/active_directory.html
>>>
>>> That's one of the steps. Just add ntlm_auth to authenticate in both
>>> virtual servers (default and inner-tunnel).
>
> Is this the step you are struggling with?
>
>> The URL that I was following is using freeradius 1.x
>
> A lot of the documentation on the site is for 1.x so when you have
> figured things out, documenting it is a geeat way to return something
> to the project
>
>> Now, I am using freeradius 2.x, and thus I skipped the creation of
>> "exec
>> ntlm_auth"
>>
>> Furthermore, I do not know how to do so...
>
> If the docs don't give an example, this is your chance to help getting
> it updated.
>
>> I tried to add it to the "exec" file in the module directory, but it
>> didn't
>> work.
>> The error is still reported to be the same.
>
> Well, yes, as it is still the same problem.
>
>> Should I fall back to freeradius 1.x instead?
>
> No.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
Hi Anders,
The problems that you have highlighted are the ones that I have having :-)
I added "exec ntlm_auth" into the exec file in the modules folder, and as
Ivan has recommended, I added a line to the users file.
The next step is to make exec ntlm_auth recognized by the radius
configuration.
Currently, there are some questions that are going on in my head...
:confused:
1. Must the ntlm_auth be placed in modules or in radiusd.conf?
If the configuration exec ntlm_auth is to be placed in modules, which
modules?
2. In the URL, that indicated that I must input ntlm_auth into the
authenticate routine in freeradius 1.x, but freeradius 2.x is all separated,
any idea which is the one that I should placed into?
I will do some trial and error on my end though...
And I think that after being successful on this, I will need help from you
guys to get this documented, I think that freeradius 2.x has very little
documentation, and not many will be willing to take the plunge to 2.x...
Thanks!
Regards,
Andy
--
View this message in context: http://www.nabble.com/Freeradius-2.0-with-Activedirectory-Integration-Failed-tp20355701p20415385.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list