need help authenticating against AD
tnt at kalik.net
tnt at kalik.net
Thu Nov 19 23:30:50 CET 2009
> I need some help authenticating against AD. I have followed directions
> online as best as I can, but things still aren't working as expected.
These:
http://deployingradius.com/documents/configuration/active_directory.html
> I'm
> ultimately hoping to have our VPN users and admins logging into Cisco
> network equipment authenticate against AD through our FreeRADIUS 2
> installation. Today, I have been testing authentication from one of Cisco
> switches, and I continually receive this basic output:
You are not authenticating against AD. You are authenticating against
local system file:
...
> Thu Nov 19 16:17:34 2009 : Info: ++[unix] returns updated
...
> Thu Nov 19 16:17:34 2009 : Info: [pap] login attempt with password "xxxx"
> Thu Nov 19 16:17:34 2009 : Info: [pap] Using CRYPT encryption.
> Thu Nov 19 16:17:34 2009 : Info: [pap] Passwords don't match
... and the password isn't correct.
> I can't tell from this output if the RADIUS server is ever even attempting
> to reach AD.
It isn't.
> Obviously, if I enter the correct password for my username on
> the RADIUS server itself, authentication will succeed, but this is not the
> desired behavior at this time.
Comment out unix in authorize then. If you follow the guide this will work
with Auth-Type := ntlm_auth in users file.
Ivan Kalik
More information about the Freeradius-Users
mailing list