AW: Authenticating SSH login on a Cisco IOS switch to AD

Schaatsbergen, Chris Chris.Schaatsbergen at aleo-solar.de
Fri Feb 11 13:16:27 CET 2011


OK, so the current problem seems to be that I cannot get the ntlm_auth to work. I read http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html but that does not seem to apply to me, as the ntlm_auth file contains the exec.

Attached (if that works) is the radius -X output for the current working configuration (basic_configuration_run.txt). We are only doing MAC authentication now and, depending on the MAC address, the device is placed in a certain VLAN. Unfortunately I did not install the server myself, but as far as I know FR was originally installed from the Debian package 2.1.8 and we recently upgraded to 2.1.10.

Until a year ago I never really worked with (free)radius, Linux or Cisco switches, and it is still just a small part of my daily work, so I probably make a lot of beginner mistakes.

# -*- text -*-
#
#  $Id$
# NTLM module
#
#  To authenticate requests using AD.
#
exec ntlm_auth {
	wait = yes
	program = "/usr/bin/ntlm_auth --request-nt-key --domain=ALEO.LOCAL --username=%{mschap:User-Name} --password=%{User-Password}"
}

If I add ntlm_auth to the beginning of the users file I get an error:
/etc/freeradius/users[157]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type
Errors reading /etc/freeradius/users

If I add ntlm_auth to the authenticate section of the default virtual server I get an error:
/etc/freeradius/sites-enabled/default[254]: Failed to load module "ntlm_auth".
/etc/freeradius/sites-enabled/default[217]: Errors parsing authenticate section.

If I add ntlm_auth to the modules section of radiusd.conf I get a 'warning':
/etc/freeradius/radiusd.conf[1840]: Failed to link to module 'rlm_ntlm_auth': file not found
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: basic_configuration_run.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110211/15de73aa/attachment.txt>

