Freeradius 2.0 with Activedirectory Integration Failed

Andy Ng nding at hotmail.com
Mon Nov 17 11:22:46 CET 2008


Hi Ivan,

Thanks!
I followed the manual by removing the entry that was added in the users file...
And I added

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-TEST} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

to the MSCHAP module, and started radiusd -X:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 27805, id=200, length=86
        User-Name = "test"
        User-Password = "Pa55w0rd"
        NAS-IP-Address = 127.0.0.1
        NAS-Identifier = "sshd"
        NAS-Port = 26780
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = "10.0.0.151"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 200 to 127.0.0.1 port 27805
Waking up in 4.9 seconds.
Cleaning up request 1 ID 200 with timestamp +47
Ready to process requests.

-----
But after testing, I noticed that it did not hit the ntlm_auth command.
What is it I did wrong?

Regards,
Andy