Active Directory authentication question
Roberto Carna
robertocarna36 at gmail.com
Fri Oct 18 16:26:13 CEST 2013
Dear, the Freeradius authentication against AD withn EAP-MSCHAPv2
works OK nowadays.
When I login from my notebook, I authenticate my AD credentials and I
get an IP from my network.
>From my notebook I can navigate the web, but when I want to access a
network resource let's say \\moscu\docs, I get the message that my
user doesn't have thge appropriate rights.
Is itv possible that the problem is the user I authenticate through
Freeradius is roberto and not \\domain\roberto ??? Where can I modify
this parameter in order to test ???
Thanks a lot !!!
Roberto
2013/9/25 <stefan.paetow at diamond.ac.uk>:
>> But in the EAP-TLS section from eap.conf file, I don't see any
>> reference to MSCHAPv2....and remember the NTLM authentication query is
>> set up in the MSCHAPv2 module....
>
> EAP-TLS does not use MSCHAPv2. It uses certificates.
>
> I quote Alan DeKok's response to your question on September 18:
>
>> > Dear, I have several Windows 7 clients over WiFi autheticating throug
>> > EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it
>> > works OK.
>>
>> EAP-TLS doesn't use MySQL for storing credentials. Everything is in
>> the certificate.
>>
>> > Because I don't know so much about Windows world, I need to know if I
>> > have to use NTLM, LDAP or Kerberos in order to authenticate against
>> > the remote AD.
>>
>> For MS-CHAP and PEAP, you use ntlm. You don't have any other choice.
>>
>> For EAP-TLS, you don't use AD or MySQL.
>
>
>
> --
> This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
> Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd.
> Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
> Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list