Configuring FreeRADIUS to use ntlm_auth for MS-CHAP
Pedro Alves
pedrojmalves at gmail.com
Wed Apr 28 18:19:16 CEST 2010
Hello Again.
This is the test with local user:
AP#test aaa group radius userlocal localpass new-code
Trying to authenticate with Servergroup radius
User successfully authenticated
rad_recv: Access-Request packet from host xx.xx.xx.xx port 1645, id=174, length=53
User-Password = " localpass "
User-Name = " userlocal "
NAS-IP-Address = xx.xx.xx.xx
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "local01", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry local01 at line 79
[files] expand: Ola, %{User-Name} -> Ola, local01
++[files] returns ok
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 174 to 10.1.3.17 port 1645
Reply-Message = "Ola, local01"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 174 with timestamp +416
Ready to process requests.
This is the test with AD user:
AP#test aaa group radius userad userpass new-code
Trying to authenticate with Servergroup radius
User rejected
rad_recv: Access-Request packet from host xx.xx.xx.xx port 1645, id=175, length=52
User-Password = "userpass"
User-Name = "userad"
NAS-IP-Address = xx.xx.xx.xx
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "radius", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> radius
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 175 to 10.1.3.17 port 1645
Waking up in 4.9 seconds.
Cleaning up request 6 ID 175 with timestamp +531
Ready to process requests.
-----Original Message-----
From: freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org [mailto:freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, 28 April 2010 16:40
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP
Pedro Alves wrote:
> Users defined in user “files” work fine, but users on AD don’t.
>
> In freeradius using the test below, I can access users on AD.
Have you followed the "Active Directory" howto on
http://deployingradius.com?
> root at MHVRAD01:/usr/local/etc/raddb# radiusd -X
...
> Ready to process requests.
... and the server doesn't receive any packets.
We can't help you debug an issue if you don't show us what's happening.
Alan DeKok.
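
An added example, not part of the original post or of FreeRADIUS: a small Python parser for `radiusd -X` output of the shape quoted above. For each request it reports which attributes arrived, what each module returned, and whether the "No authenticate method (Auth-Type)" line preceded the reject. The sample input is constructed by trimming the two traces in the post; `summarize` and `diagnose` are hypothetical names.

```python
import re

# Constructed sample, trimmed from the two debug traces in the post above.
SAMPLE = """\
rad_recv: Access-Request packet from host xx.xx.xx.xx port 1645, id=174, length=53
User-Password = " localpass "
++[mschap] returns noop
++[files] returns ok
Sending Access-Accept of id 174 to 10.1.3.17 port 1645
rad_recv: Access-Request packet from host xx.xx.xx.xx port 1645, id=175, length=52
User-Password = "userpass"
++[mschap] returns noop
++[files] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Sending Access-Reject of id 175 to 10.1.3.17 port 1645
"""

RECV = re.compile(r"^rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
ATTR = re.compile(r"^([A-Za-z][\w-]*) = ")
MODULE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")
SEND = re.compile(r"^Sending (Access-\w+) of id (\d+)")

def summarize(debug_text):
    """Split `radiusd -X` output into one record per received request."""
    requests, cur = [], None
    for line in map(str.strip, debug_text.splitlines()):
        if m := RECV.match(line):
            cur = {"id": int(m[1]), "attrs": [], "modules": {}, "result": None}
            requests.append(cur)
        elif cur is None:
            continue
        elif m := MODULE.match(line):
            cur["modules"][m[1]] = m[2]
        elif not cur["modules"] and (m := ATTR.match(line)):
            cur["attrs"].append(m[1])      # request attributes precede the first module
        elif "No authenticate method (Auth-Type)" in line:
            cur["no_auth_type"] = True
        elif (m := SEND.match(line)) and int(m[2]) == cur["id"]:
            cur["result"] = m[1]
    return requests

def diagnose(req):
    """Describe the outcome using only what the trace itself shows."""
    if req["result"] == "Access-Reject" and req.get("no_auth_type"):
        kind = "PAP" if "User-Password" in req["attrs"] else "non-PAP"
        return f"{kind} request rejected: no module set Auth-Type"
    return req["result"] or "no reply logged"
```

Calling `diagnose` on each record from `summarize(SAMPLE)` gives one line per request id; a full `radiusd -X` capture can be passed in place of `SAMPLE`.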