AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to AD
Schaatsbergen, Chris
Chris.Schaatsbergen at aleo-solar.de
Mon Feb 14 12:02:34 CET 2011
OK, I think I found out where things are going wrong.
In my Radius -X log I noticed the "Starting - reading configuration files" is short, compared to those of others. What is missing is actually:
including files in directory /usr/local/etc/raddb/modules/
(followed by
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/perl)
This is all not in my freeradius -X logs and is in the logs of others.
Now where do I enable/disable loading the modules folder?
> -----Original Message-----
> From: freeradius-users-bounces+chris.schaatsbergen=aleo-
> solar.de at lists.freeradius.org [mailto:freeradius-users-
> bounces+chris.schaatsbergen=aleo-solar.de at lists.freeradius.org] On
> behalf of Schaatsbergen, Chris
> Sent: Friday, 11 February 2011 19:32
> To: FreeRadius users mailing list
> Subject: AW: AW: AW: Authenticating SSH login on a Cisco IOS switch to
> AD
>
> > > So far I have done everything there exactly as described with the
> > > same outcome.
> >
> > No.
> >
> > If you get the error "Failed to link to module 'rlm_ntlm_auth':...",
> > it means you did something *other* than what is on the web page.
> >
> > > This is I believe indeed the missing piece, problem is I cannot find
> > > it in your web page.
> >
> > It's the "exec ntlm_auth { ..." text.
> >
> > Add it, *and* the "ntlm_auth" entry in the "authenticate" section.
>
> The ntlm_auth file with the exec ntlm_auth text has been in the module
> folder since I started working on this (actually I believe it was
> already there as it has been added in 2.1.8), about a week ago. It
> is also what I have indicated both in my original post and in the
> repost I made today. The file is there, and the exact contents of that
> file are in the repost I posted earlier today. Now if there is
> something wrong with that file I would love to hear it. I tried various
> ways of adding ntlm_auth to the authentication section of the default
> virtual machine but all with the same outcome, module not found.
>
> Unfortunately I do not see where the actual problem lies, otherwise I
> would not have bothered you with it.
>
> I have followed the instructions from your webpage to the letter and
> when that did not work I tried some other suggestions but they all
> proved without effect and are therefore removed again.
>
> Now, if anyone is willing to actually look to see what is going wrong
> instead of immediately jumping to the easy conclusions, that help would
> be highly appreciated. I am pretty sure I made a mistake somewhere, but
> it has not been in following these instructions. More likely it is in
> the original configuration or how I changed it to fit our need (Mac
> authentication). The current running config works properly, but it is
> very well possible I disabled something that is needed for ntlm_auth.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
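The comparison described in this message, as an added example that is not part of the original thread: it reads `radiusd -X` start-up output for the "including ..." lines and checks a radiusd.conf for an uncommented `$INCLUDE` of the modules directory. The sample log and config text are constructed, and the `$INCLUDE ${confdir}/modules/` form is an assumption based on the stock FreeRADIUS 2.x radiusd.conf layout.

```python
import re

# Constructed sample of `radiusd -X` start-up output (paths as on this page).
SAMPLE_DEBUG = """\
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
"""

# Constructed radiusd.conf fragment: the directory include is commented out.
# Assumption: stock 2.x layout, where modules/ is pulled in by $INCLUDE.
SAMPLE_CONF = """\
modules {
#	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
}
"""

INCLUDED = re.compile(r"^including (configuration file|files in directory)\s*(\S+)", re.M)
DIRECTIVE = re.compile(r"^\s*\$INCLUDE\s+(\S+)")

def loaded_paths(debug_text):
    """Return (directories, files) that the debug output says were read."""
    dirs, files = [], []
    for kind, path in INCLUDED.findall(debug_text):
        (dirs if kind == "files in directory" else files).append(path)
    return dirs, files

def active_includes(conf_text):
    """Return $INCLUDE targets that are not commented out."""
    out = []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            out.append(m.group(1))
    return out

def diagnose(debug_text, conf_text, module="ntlm_auth"):
    """Summarise whether the modules directory and one module file were read."""
    dirs, files = loaded_paths(debug_text)
    return {
        "modules_dir_read": any(d.rstrip("/").endswith("/modules") for d in dirs),
        "module_file_read": any(f.endswith("/modules/" + module) for f in files),
        "conf_includes_modules_dir": any(
            t.rstrip("/").endswith("/modules") for t in active_includes(conf_text)),
    }
```

All three values come back false for the constructed samples, which matches the symptom in the message: the module file exists on disk but the server never reads the directory it lives in.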