AW: Authenticating SSH login on a Cisco IOS switch to AD

Alan DeKok aland at deployingradius.com
Fri Feb 11 13:57:11 CET 2011


Schaatsbergen, Chris wrote:
> OK, so the current problem seems to be that I cannot get the ntlm_auth to work. I read http://freeradius.1045715.n5.nabble.com/Freeradius-with-Active-Directory-td2747221.html but that does not seem to apply for me as the ntlm_auth file contains the exec. 

  Why?  Why not read the main web page that *correctly* describes how to
get it to work?

http://deployingradius.com/documents/configuration/active_directory.html

> If I add ntlm_auth to the beginning of the users file I get an error
> /etc/freeradius/users[157]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type
> Errors reading /etc/freeradius/users

  Because you didn't add it in the "authenticate" section as described
in the web page.

> If I add ntlm_auth to the authenticate section of the default virtual server I get an error
> /etc/freeradius/sites-enabled/default[254]: Failed to load module "ntlm_auth".
> /etc/freeradius/sites-enabled/default[217]: Errors parsing authenticate section.

  Because you didn't add the module definition as described in the web page.

> If I add ntlm_auth to the modules section of radiusd.conf I get a 'warning'
> /etc/freeradius/radiusd.conf[1840]: Failed to link to module 'rlm_ntlm_auth': file not found

  Because you followed the *wrong* example from the list archive,
instead of following the example on the web page.

  Read the web page, and look for "Configuring FreeRADIUS to use
ntlm_auth".  Follow the instructions there *exactly*, and it *will* work.

  Alan DeKok.
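The three errors quoted above each correspond to one missing piece of configuration. The following is an added example, not part of the original post and not copied from the linked page: a sketch of how the pieces fit together, assuming a FreeRADIUS 2.x layout as in the error paths. The `ntlm_auth` path and `MYDOMAIN` are placeholders.

```conf
# 1) Module definition, in the modules { } section of radiusd.conf
#    (or a file under modules/). "ntlm_auth" here is an instance name
#    of the exec module (rlm_exec). There is no rlm_ntlm_auth library,
#    which is why a bare "ntlm_auth" module entry fails to link.
exec ntlm_auth {
	wait = yes
	# Placeholder path and domain; adjust to the local Samba install.
	program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# 2) sites-enabled/default: list the instance in authenticate { }.
#    Without 1) this fails with 'Failed to load module "ntlm_auth"'.
#    Listing it here is also what makes "ntlm_auth" a known value
#    of Auth-Type.
authenticate {
	# ... existing entries stay as they are ...
	ntlm_auth
}

# 3) users file, first entry. Only parses once 1) and 2) are in place;
#    otherwise: "Unknown value ntlm_auth for attribute Auth-Type".
DEFAULT	Auth-Type = ntlm_auth
```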


