FreeRADIUS Active Directory Integration
Ivan Kalik
tnt at kalik.net
Fri May 15 00:13:42 CEST 2009
> Thanks for the catch on listing ntlm_auth in authorize. I followed the
> deployingradius.com link. I'm still not getting it. I tried uncommenting
> the ntlm_auth = line in the mschap file. I got the same result.
>
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "DOM002\MD90345", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[unix] returns notfound
> [files] users: Matched entry DEFAULT at line 174
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [ntlm_auth] expand: --username=%{mschap:User-Name} ->
ntlm_auth is still listed in authorize (only lower down the order). Remove
it from there. And what happened to eap? It should be before unix, files,
etc.
> including configuration file /etc/raddb/modules/mschap
...
> Module: Instantiating mschap
> mschap {
> use_mppe = yes
> require_encryption = yes
> require_strong = yes
> with_ntdomain_hack = yes
> }
You haven't enabled ntlm_auth in mschap module. You only have it as
standalone exec script.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list