FreeRADIUS and Active Directory
tnt at kalik.net
Thu Feb 19 11:33:21 CET 2009
>I believe I did all I had to enable my freeradius server to chat to
>windows AD
>
>
>I made changes to my FreeRADIUS configuration according to
>http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
I have news for you - you haven't done any of this:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_radiusd.conf
> Module: Instantiating mschap
> mschap {
> use_mppe = yes
> require_encryption = no
> require_strong = no
*> with_ntdomain_hack = no*
> }
Also no ntlm_auth configured in mschap module (raddb/modules/mschap). So:
>[mschapv2] +- entering group MS-CHAP {...}
>[mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
Server asks about the hack.
>[mschap] Told to do MS-CHAPv2 for AD\tomas with NT-Password
>[mschap] FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject
And it isn't using ntlm_auth.
You have an updated manual (relevant to freeradius 2.x) at:
http://deployingradius.com/documents/configuration/active_directory.html
Ivan Kalik
Kalik Informatika ISP
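
The diagnosis in the reply above, written out as an added example that is not part of the original post: a small checker that reads `radiusd -X` debug output and reports the same problems. The sample input is constructed from the lines quoted in the thread, the function names are hypothetical, and it assumes a configured `ntlm_auth` would be printed inside the `mschap { ... }` block, as the reply infers.

```python
import re

# Constructed sample: the debug lines quoted in the thread, quote markers removed.
SAMPLE_DEBUG = r"""
 Module: Instantiating mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
  }
[mschapv2] +- entering group MS-CHAP {...}
[mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for AD\tomas with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
"""

def parse_mschap_block(debug_text):
    """Return the key/value pairs radiusd printed when instantiating mschap."""
    settings, inside = {}, False
    for line in debug_text.splitlines():
        stripped = line.strip()
        if stripped == "mschap {":
            inside = True
        elif inside and stripped == "}":
            break
        elif inside:
            m = re.match(r"(\w+)\s*=\s*(.*)", stripped)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def diagnose(debug_text):
    """List the problems the reply points out, config first, then log symptoms."""
    settings = parse_mschap_block(debug_text)
    findings = []
    if settings.get("with_ntdomain_hack", "no") != "yes":
        findings.append("with_ntdomain_hack is not enabled")
    # Assumption: a configured ntlm_auth shows up as a key in the printed block.
    if "ntlm_auth" not in settings:
        findings.append("ntlm_auth is not configured in the mschap module")
    if "should we have enabled with_ntdomain_hack?" in debug_text:
        findings.append("server saw an NT domain delimiter in the user name")
    m = re.search(r"Told to do MS-CHAPv2 for (\S+) with NT-Password", debug_text)
    if m:
        findings.append(f"{m.group(1)} was checked against a local NT-Password, not ntlm_auth")
    return findings
```

Calling `diagnose()` on the output of a fresh debug run after editing `raddb/modules/mschap` shows whether both configuration findings are gone.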