Freeradius with Active Directory

Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) mark.whitmarsh at nhs.net
Wed Mar 10 16:52:58 CET 2010


Hi,
I've included the ntlm_auth command line - is that what you meant by
> can you cut and paste your ntlm_auth line

ntlm_auth --request-nt-key --domain=XXX.local --username=XXX
password:
NT_STATUS_OK: Success (0x0)

=======================================
The /etc/raddb/modules/ntlm_auth file:
# -*- text -*-
#
#  $Id$
# NTLM module
#
#  To authenticate requests using AD.
#
ntlm_auth {
        wait = yes
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}"
}
=======================================


=======================================
Extract from /etc/raddb/sites-enabled/default
        # Uncomment it if you want to use ldap for authentication
        #
        # Note that this means "check plain-text password against
        # the ldap database", which means that EAP won't work,
        # as it does not supply a plain-text password.
#       Auth-Type LDAP {
#               ldap
#       }
        #
        #  Allow EAP authentication.
        eap
        ntlm_auth
}

#
#  Pre-accounting.  Decide which accounting type to use.
#
=======================================

=======================================
Extract from /etc/raddb/sites-enabled/inner-tunnel
        # Uncomment it if you want to use ldap for authentication
        #
        # Note that this means "check plain-text password against
        # the ldap database", which means that EAP won't work,
        # as it does not supply a plain-text password.
#       Auth-Type LDAP {
#               ldap
#       }
        #
        #  Allow EAP authentication.
        eap
        ntlm_auth
}
######################################################################
#
#       There are no accounting requests inside of EAP-TTLS or PEAP
#       tunnels.
#
######################################################################

#  Session database, used for checking Simultaneous-Use. Either the radutmp
=======================================

Thanks,
Mark.

________________________________________
From: freeradius-users-bounces+mark.whitmarsh=nhs.net at lists.freeradius.org [freeradius-users-bounces+mark.whitmarsh=nhs.net at lists.freeradius.org] On Behalf Of Alan Buxey [A.L.M.Buxey at lboro.ac.uk]
Sent: 10 March 2010 14:07
To: FreeRadius users mailing list
Subject: Re: Freeradius with Active Directory

Hi,

> Everything works up to and including the command line test using ntlm_auth but after I create the file raddb/modules/ntlm_auth
> and make the changes to raddb/sites-enabled/default , raddb/sites-enabled/inner-tunnel and the users file I get an error when running radiusd -X

can you cut and paste your ntlm_auth line (comment out with XXX's any sensitive data)

and the inner-tunnel and default config files - just the section around where you made
changes - at least 20 lines before and after. (once again, comment out any sensitive values)

alan
