EAP-TTLS (PAP) with Win2K3 domain not working
A.L.M.Buxey at lboro.ac.uk
Thu Jun 25 18:43:52 CEST 2009
Hi,
> exec ntlm_auth_pap {
> wait = yes
> input_pairs = request
> shell_escape = yes
> output = none
>
> program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE --password=%{User-Password}"
^^^^^^^^^^^^
I really do hope that you changed that bit to be the correct $PATH
for your ntlm_auth command.
> and I edited /etc/freeradius/sites-available/default file and
> /etc/freeradius/sites-enabled/default, section authenticate to
>
> Auth-Type PAP
> {
> ntlm_auth_pap
> }
No. This is TTLS, so this is going to occur in the inner-tunnel
unless you've really cooked up your config in some weird way.
A default install will use the inner-tunnel sites-enabled file
- put your ntlm_auth_pap stuff into that file.
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "testuser", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
>
> Failed to authenticate the user.
> } # server inner-tunnel
See. inner-tunnel. You aren't dealing with the user properly.
alan
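
An added example, not part of the original post and not FreeRADIUS code: a small Python parser for debug output like the lines quoted above, reporting which virtual server issued the "No authenticate method (Auth-Type)" reject and what each authorize module returned. The function name and the treatment of `ok`/`updated` as "a module acted" are assumptions of this example.

```python
import re

# Subset of the debug lines quoted in the post ("> " removed, wrapped line rejoined).
SAMPLE = """\
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
} # server inner-tunnel
"""

SERVER_OPEN = re.compile(r"^server\s+(\S+)\s*\{")
SERVER_CLOSE = re.compile(r"^\}\s*#\s*server\s+\S+")
GROUP = re.compile(r"^\+- entering group (\S+)")
MODULE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def find_auth_type_rejects(debug_text):
    """One finding per 'No authenticate method' reject: the enclosing
    virtual server and what each authorize module returned."""
    findings, servers, group, results = [], [], None, []
    for line in map(str.strip, debug_text.splitlines()):
        if m := SERVER_OPEN.match(line):
            servers.append(m.group(1))
            group, results = None, []
        elif SERVER_CLOSE.match(line) and servers:
            servers.pop()
        elif m := GROUP.match(line):
            group, results = m.group(1), []
        elif (m := MODULE.match(line)) and group == "authorize":
            results.append((m.group(1), m.group(2)))
        elif line.startswith("No authenticate method (Auth-Type)"):
            findings.append({
                "server": servers[-1] if servers else None,  # None: no server block seen
                "authorize": results[:],
                "acted": [n for n, rc in results if rc in ("ok", "updated")],
            })
    return findings
```

On the quoted log this returns a single finding with `server` set to `inner-tunnel` and an empty `acted` list, which is the point of the reply: the reject happens inside the inner-tunnel virtual server, so that is the configuration to look at.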