freeradius compiled version (lastest) against active directory authentication

luis a luis.azunet at yahoo.es
Tue Sep 30 17:26:11 CEST 2008



--- El mar, 30/9/08, Alan DeKok <aland at deployingradius.com> escribió:
De: Alan DeKok <aland at deployingradius.com>
Asunto: Re: freeradius compiled version (lastest) against active directory authentication
Para: luis.azunet at yahoo.es, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Fecha: martes, 30 septiembre, 2008 3:07

luis a wrote:
> I have everything seemingly well-configured to authenticate against
> Active Directory
> but I lack the parameters under which I use the default
> ntlm_auth module

  What does that mean?

  Have you tried my web site (deployingradius.com) ?   It has a
"howto"
for configuring authentication against Active Directory.

i all ready read it and he does not work 


check  it out the output 

------------------------------------


Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 49964, id=37, length=72
        User-Name = "luis"
        User-Password = "x"
        NAS-IP-Address = xx.xx.xx.x
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "luis", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[files]         expand: %{Stripped-User-Name:-%{User-Name}} -> luis

that warning apered after i added the line to the user config file
DEFAULT  Auth-Type = Local, Password == "stealme"

..



WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.



++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "x"
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.




-------------------
and also when i remplace 
DEFAULT  Auth-Type = System 

i get this message .



rad_recv: Access-Request packet from host 127.0.0.1 port 50255, id=25, length=72
        User-Name = "luis"
        User-Password = "x"
        NAS-IP-Address = xx.xx.xx.xx
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "luis", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[files]         expand: %{Stripped-User-Name:-%{User-Name}} -> luis
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = System
+- entering group authenticate {...}
[unix] invalid password "luis"
++[unix] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> luis
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 25 to 127.0.0.1 port 50255
Waking up in 4.9 seconds.
Cleaning up request 0 ID 25 with timestamp +4
Ready to process requests.


  Alan DeKok.



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080930/fb9c06d4/attachment.html>


More information about the Freeradius-Users mailing list