freeRADIUS -> AD Auth (<100kb)

Rui Ribeiro ruyrybeyro at gmail.com
Wed Aug 13 12:03:31 CEST 2014


Hi Nicolas,

I browsed a little of your error and your conf files to notice you are
still missing a LOT of bits of a standard freeradius configuration to
connect to an AD. mschap encryption strength, configuration of EAP
tunnels and protocols, actual domain not defined in FreeRadius/proxy.conf,
and then not yet VLANs (ok, not probably at this time of the game, but you
eventually will get there).

You would better search and use in freeradius and Janet for tutorials about
configuring RADIUS for AD. It is not as simple as tweaking the config
files.

About the certificates, I hope you don't use the current ones in production,
as you just published them to the world at large.

One last note, 2.1.12 FreeRadius has serious bugs working with AD (it
works, but crashes a lot). I would recommend at least 2.2.5 or going
directly to version 3.x.

Regards,
Rui Ribeiro


> Message: 2
> Date: Wed, 13 Aug 2014 10:58:31 +0200
> From: nfischer at hush.com
> To: freeradius-users at lists.freeradius.org
> Subject: freeRADIUS -> AD Auth (<100kb)
> Message-ID: <20140813085831.79D2B60960 at smtp.hushmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi there!
>
> I have a problem with the auth against an Active Directory.
> I would be very thankful if you could help me.
>
> I'm trying to set up a WiFi Network where the Users can auth with their
> AD Useraccs,
>
> Setup:
> WiFi-Router with DD-WRT
> Ubuntu 10.04LTS with FreeRADIUS kerberos samba etc.
> AD at a Windows Server 2008 SBS (Total mess never install it!)
>
> The communication W-Lan Client->Router->FreeRADIUS runs.
> The Ubuntu Server is in the Domain, wbinfo -u gives me all Users.
> The auth via NTLM_AUTH runs too:
> /etc/freeradius$ ntlm_auth --request-nt-key --domain=DOMAINNAME
> --username=USERNAME
> Password:
> NT_STATUS_OK: Success (0x0)
>
> I think just FreeRADIUS is configured wrong.
> The auth fails, respectively does not take place.
>
> I put the config files and the freeradius -X output in the attachment.
> (I removed a few unimportant configfiles to not hit the 100kb limit of
> this mailinglist.)
>
> Many thanks in advance!
>