AW: AW: AW: Problem with ntlm_auth
Frederik.Niedernolte at Bertelsmann.de
Frederik.Niedernolte at Bertelsmann.de
Thu Oct 9 14:57:56 CEST 2008
Is is possible to use only one freeRADIUS server (the just configured one) for a bunch of different domains
in my active directory network?
How?
F. Niedernolte
-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org [mailto:freeradius-users-bounces+frederik.niedernolte=bertelsmann.de at lists.freeradius.org] Im Auftrag von tnt at kalik.net
Gesendet: Donnerstag, 9. Oktober 2008 14:05
An: FreeRadius users mailing list
Betreff: Re: AW: AW: Problem with ntlm_auth
>OK, thanks.
>Now it works.
>Is this the way it should look right?
>
Yes. that's OK.
..
>[files] users: Matched entry DEFAULT at line 2
>++[files] returns ok
Entry setting Auth-Type.
..
>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
That's because the password is not given to radius server but is checked
in AD.
>++[pap] returns noop
>Found Auth-Type = ntlm_auth
This was forced in users file.
>+- entering group authenticate {...}
>[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=MyUser
>[ntlm_auth] expand: --password=%{User-Password} -> --password=MyPassword
>Exec-Program output: NT_STATUS_OK: Success (0x0)
>Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
>Exec-Program: returned: 0
>++[ntlm_auth] returns ok
And user is authenticated in AD.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list