FreeRADIUS Active Directory Integration
A.L.M.Buxey at lboro.ac.uk
Fri May 15 12:22:47 CEST 2009
hi,

you still have ntlm_auth in your authorise section...that's wrong.
take ntlm_auth out of there.

edit modules/mschap and uncomment the ntlm_auth line (and configure
anything else you need such as MPPE) and then ensure that
mschap is called in the virtual server (sites-enabled/default)
and inner-tunnel (if using EAP) in the authenticate section.

the default config as supplied by FreeRADIUS *WORKS* - I can
vouch for that having started on many greenfield sites with a
bare new FreeRADIUS server and getting packets auth'd with just
a few config changes for the required purpose.

i think you might be getting confused with the 'authorize'
terminology. the server first checks to see if the user-name
is authorised to connect (ie has the 'rights' to connect from
a NAS, at a certain time etc etc), this stops it having to
check the password first - a waste of auth server time! -
the server then checks the authentication (ie is the password
correct?) if the user is allowed to connect. after this,
the post-auth and accounting is done.

remember, if using EAP, the server will read eap.conf and
by default will then use the inner-tunnel virtual server -
so if using EAP you have THOSE auth/auth/acct sections to
deal with too!

alan
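
A check for the two virtual-server mistakes described in the message above (ntlm_auth listed in authorize, mschap missing from authenticate), added here as an example; it is not part of the original post or of FreeRADIUS. The function names and the two sample configurations are constructed for illustration, and the parser assumes one statement per line with '#' starting a comment.

```python
def module_calls(text):
    """Return (section_path, name) for each module call in a virtual server file."""
    stack, calls = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' always starts a comment
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())  # e.g. "authorize", "Auth-Type MS-CHAP"
        elif line == "}":
            if stack:
                stack.pop()
        else:
            calls.append((tuple(stack), line))
    return calls

def check_virtual_server(text):
    """List the problems from the thread that are present in this file."""
    calls = module_calls(text)
    findings = []
    if any("authorize" in path and name == "ntlm_auth" for path, name in calls):
        findings.append("ntlm_auth is called in authorize")
    if not any("authenticate" in path and name == "mschap" for path, name in calls):
        findings.append("mschap is not called in authenticate")
    return findings

# Constructed samples, not taken from the thread.
BROKEN_DEFAULT = """
authorize {
    mschap
    ntlm_auth
}
authenticate {
    eap
}
"""

FIXED_INNER_TUNNEL = """
server inner-tunnel {
    authorize {
        mschap
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap
        }
    }
}
"""
```

Run check_virtual_server() on the text of both sites-enabled/default and sites-enabled/inner-tunnel when EAP is in use; an empty list means neither mistake is present.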