Freeradius with Active_Directory

Hari Novferdianto novferdianto at gmail.com
Wed Aug 5 15:34:22 CEST 2009


Dear All...
I was following
http://deployingradius.com/documents/configuration/active_directory.html

I was installed freeradius-1.1.7 and samba version 3 on my slackware
11 and also I was installed Windows Server 2003 for Active Directory.

This is my smb.conf :
[global]
 workgroup = RADIUS
 security = server
 password server = radius.satelite.net

In this case I'm not using kerberos and I was successfully running my
samba and join with my domain.
This is about status from my server when I joined

root at jadul:  net join -U administrator
Password:
Joined domain RADIUS.

And I was successfully to use ntlm_auth helper to authenticate user
from my Active Directory. This is the message from my server.

root at jadul:/# ntlm_auth --request-nt-key --domain=radius.satelite.net
--  username=administrator
password:
NT_STATUS_OK: Success (0x0)

and also I add in the module section on radiusd.conf
 exec ntlm_auth {
              wait = yes
              program = "/path/to/ntlm_auth
--request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name}
--password=%{User-Password}"
      }

and also I add in the users file
   DEFAULT     Auth-Type = ntlm_auth

There is no problem when I check with radiusd -X and after I running
radiusd.
I was check account from my Active Directory using
radtest <user_AD> <pass_AD> localhost 1812 testing123

And the result is..

 radtest ferdi ferdi localhost 1812 testing123
Sending Access-Request of id 86 to 127.0.0.1 port 1812
      User-Name = "ferdi"
      User-Password = "ferdi"
      NAS-IP-Address = 255.255.255.255
      NAS-Port = 1812
Re-sending Access-Request of id 86 to 127.0.0.1 port 1812
      User-Name = "ferdi"
      User-Password = "ferdi"
      NAS-IP-Address = 255.255.255.255
      NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=86, length=20

Why Reject..?

Please help me.. I'm so confused..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090805/782fa14e/attachment.html>


More information about the Freeradius-Users mailing list