FreeRadius + AD + Realms
Matthew P
mayday64 at hotmail.com
Wed Jun 30 08:04:02 CEST 2010
Hello everyone!
I'm new to FreeRadius, so please bear with me. :)
Goal: Make FreeRadius look up a user in ActiveDirectory if he has the "mydomain.com" domain.
Used method: EAP/TTLS (PAP in the tunnel)
This is how I've done it, but it doesn't give the wanted results, so please explain a bit. :)
(It doesn't seem to load the local_ad virtual server configuration, which I placed in the sites-enabled directory; it seems to just carry on executing the default server.)
parts from proxy.conf:
proxy server {
    default_fallback = no
}

home_server localhost_ad {
    type = auth
    virtual_server = local_ad
}

home_server_pool active_directory {
    type = fail-over
    virtual_server = local_ad
    home_server = localhost_ad
}

realm mydomain.com {
    auth_pool = active_directory
}
And the output:
rad_recv: Access-Request packet from host 192.168.0.101 port 1812, id=8, length=138
    NAS-IP-Address = 192.168.0.101
    NAS-Port-Type = Async
    User-Name = "user@mydomain.com"
    Service-Type = Framed-User
    Framed-MTU = 1500
    Calling-Station-Id = "00-11-22-33-44-55"
    EAP-Message = 0x0200001d016a73691d756e646363406c73732d6e65542e6c73732e6872
    Message-Authenticator = 0x10017179767a5ab6718168e8399c8993
+- entering group authorize
++[preprocess] returns ok
rlm_realm: Looking up realm "mydomain.com" for User-Name = "user@mydomain.com"
rlm_realm: Found realm "mydomain.com"
rlm_realm: Adding Stripped-User-Name = "user"
rlm_realm: Adding Realm = "mydomain.com"
rlm_realm: Proxying request from user user to realm mydomain.com
rlm_realm: Preparing to proxy authentication request to realm "mydomain.com"
++[suffix] returns updated
rlm_eap: Request is supposed to be proxied to Realm mydomain.com. Not doing EAP.
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
There was no response configured: rejecting request 0
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> user@mydomain.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Thanks in advance!
More information about the Freeradius-Users
mailing list