AW: Authenticating SSH login on a Cisco IOS switch to AD
Alan DeKok
aland at deployingradius.com
Fri Feb 11 13:57:11 CET 2011
Schaatsbergen, Chris wrote:
> OK, so the current problem seems to be that I cannot get the ntlm_auth to work. I read http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html but that does not seem to apply for me as the ntlm_auth file contains the exec.
Why? Why not read the main web page that *correctly* describes how to
get it to work?
http://deployingradius.com/documents/configuration/active_directory.html
> If I add ntlm_auth to the beginning of the users file I get an error
> /etc/freeradius/users[157]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type
> Errors reading /etc/freeradius/users
Because you didn't add it in the "authenticate" section as described
in the web page.
> If I add ntlm_auth to the authenticate section of the default virtual server I get an error
> /etc/freeradius/sites-enabled/default[254]: Failed to load module "ntlm_auth".
> /etc/freeradius/sites-enabled/default[217]: Errors parsing authenticate section.
Because you didn't add the module definition as described in the web page.
> If I add ntlm_auth to the modules section of radiusd.conf I get a 'warning'
> /etc/freeradius/radiusd.conf[1840]: Failed to link to module 'rlm_ntlm_auth': file not found
Because you followed the *wrong* example from the list archive,
instead of following the example on the web page.
Read the web page, and look for "Configuring FreeRADIUS to use
ntlm_auth". Follow the instructions there *exactly*, and it *will* work.
Alan DeKok.
More information about the Freeradius-Users
mailing list