FR with Active Directory
Rado Matisko
rado.matisko2 at gmail.com
Thu Apr 10 13:57:59 CEST 2014
Hi I want to set up my FR to connect to AD, which is on another host.
I was following this tutorial :
http://deployingradius.com/documents/configuration/active_directory.html
I configured smb.conf and then krb5.conf and then this works great :
ntlm_auth --request-nt-key --domain=*MYDOMAIN* --username=*user* --password=
*password*
*root at friradius:/# ntlm_auth --request-nt-key --domain=FRI
--username=hajtmanek --password=<password> NT_STATUS_OK: Success (0x0)*
Then I configured FR :
> commented "files" in sites-available/default and inner-tunnel and added ntlm_auth
in authorize section
> changed /modules/ntlm_auth
After running *radtest* I get this debug :
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "eduroam", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Login incorrect: [eduroam] (from client localhost port 0)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> eduroam
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Apparently I'm missing something but tried to follow tutorial.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140410/1d6aecd7/attachment.html>
More information about the Freeradius-Users
mailing list