PopTop
Josip Rodin
joy at entuzijast.net
Wed Apr 21 15:09:27 CEST 2010
On Tue, Apr 20, 2010 at 03:49:59PM -0500, Jonathan Hutchins wrote:
> I really appreciate the help and patience:
>
> On Tuesday 20 April 2010 03:38:53 pm Alan Buxey wrote:
>
> > see your logs, it says
>
> > ++[unix] returns notfound
> > [files] users: Matched entry DEFAULT at line 172
>
> That worries me a bit, but I think at that point it's treating <username> as
> <DOMAIN>/<user>, and _that's_ what it's not finding in the unix system. That
> or the password is hashed incorrectly for unix.
Yes. You still didn't invoke the 'ntdomain' instance of the realm module, so
the DOMAIN\ part didn't get split off before the user name got into the unix
module instance.
Just have a look at a few lines above unix:
[suffix] No '@' in User-Name = "AABENSON\jonathan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
That means you still had the 'suffix' instance running, rather than
ntdomain. Right at the place where you now have suffix enabled, enable
ntdomain, and you'll get your username without the domain, and you'll
probably move forward in trying to authenticate the user 'jonathan',
whether he be local (module unix) or somehow remote (samba, ldap, ...).
--
2. That which causes joy or happiness.
More information about the Freeradius-Users
mailing list