Freeradius with Active_Directory
Hari Novferdianto
novferdianto at gmail.com
Wed Aug 5 15:34:22 CEST 2009
Dear All...
I was following
http://deployingradius.com/documents/configuration/active_directory.html
I was installed freeradius-1.1.7 and samba version 3 on my slackware
11 and also I was installed Windows Server 2003 for Active Directory.
This is my smb.conf :
[global]
workgroup = RADIUS
security = server
password server = radius.satelite.net
In this case I'm not using kerberos and I was successfully running my
samba and join with my domain.
This is about status from my server when I joined
root at jadul: net join -U administrator
Password:
Joined domain RADIUS.
And I was successfully to use ntlm_auth helper to authenticate user
from my Active Directory. This is the message from my server.
root at jadul:/# ntlm_auth --request-nt-key --domain=radius.satelite.net
-- username=administrator
password:
NT_STATUS_OK: Success (0x0)
and also I add in the module section on radiusd.conf
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth
--request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name}
--password=%{User-Password}"
}
and also I add in the users file
DEFAULT Auth-Type = ntlm_auth
There is no problem when I check with radiusd -X and after I running
radiusd.
I was check account from my Active Directory using
radtest <user_AD> <pass_AD> localhost 1812 testing123
And the result is..
radtest ferdi ferdi localhost 1812 testing123
Sending Access-Request of id 86 to 127.0.0.1 port 1812
User-Name = "ferdi"
User-Password = "ferdi"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Re-sending Access-Request of id 86 to 127.0.0.1 port 1812
User-Name = "ferdi"
User-Password = "ferdi"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=86, length=20
Why Reject..?
Please help me.. I'm so confused..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090805/782fa14e/attachment.html>
More information about the Freeradius-Users
mailing list