freeRADIUS -> AD Auth (<100kb)

nfischer at hush.com nfischer at hush.com
Wed Aug 13 12:38:56 CEST 2014


Hi, thanks for your reply.

I followed a couple of tutorials but they don't work for me.
Do you know a good one?
I don't want to use VLANs at this point.

I have a question about FreeRadius/proxy.conf:
what should it look like?

realm DOMAINNAME {
       authhost        = DomainControler.OBLAN.LOCAL:1600
       accthost        = DomainControler.OBLAN.LOCAL:1601
       secret            = testing123
}

BTW: the domain is named oblan.local; does this cause a problem?

I will use the company certs later.

Another question:
I have deactivated the service RAS&Routing on the DC.
Is that necessary for freeRADIUS?

-- 
 Kind regards
 Nicolas Fischer

Hi Nicolas,

I browsed a little of your error and your conf files to notice you are
still missing a LOT of bits of a standard freeradius configuration to
connect to an AD: mschap encryption strength, configuration of EAP
tunnels and protocols, actual domain not defined in
FreeRadius/proxy.conf, and then not yet VLANs (ok, probably not at
this time of the game, but you eventually will get there).

You would do better to search freeradius and Janet for tutorials
about configuring RADIUS for AD. It is not as simple as tweaking the
config files.

About the certificates, I hope you don't use the current ones in
production, as you just published them to the world at large.

One last note, 2.1.12 FreeRadius has serious bugs working with AD (it
works, but crashes a lot). I would recommend at least 2.2.5 or going
directly to version 3.x.

Regards, Rui Ribeiro

 Message: 2
 Date: Wed, 13 Aug 2014 10:58:31 +0200
 From: nfischer at hush.com
 To: freeradius-users at lists.freeradius.org
 Subject: freeRADIUS -> AD Auth (Router->FreeRADIUS runs.
 The Ubuntu Server is in the Domain, wbinfo -u gives me all Users.
 The auth via NTLM_AUTH runs too:
 /etc/freeradius$ ntlm_auth --request-nt-key --domain=DOMAINNAME --username=USERNAME
 Password:
 NT_STATUS_OK: Success (0x0)
 I think just FreeRADIUS is configured wrong.
 The auth fails, respectively does not take place.
 I put the config files and the freeradius -X output in the attachment.
 (I removed a few unimportant config files to not hit the 100kb limit of
 this mailing list.)
 Many thanks in advance!
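
The reply's remark about certificates published along with the attached config files, as an added example (not part of the original thread and not FreeRADIUS tooling): a check to run over a config bundle before attaching it to a public post, flagging PEM private keys and uncommented shared-secret lines. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-publication check for a FreeRADIUS config bundle.
# Sample files below are constructed; function names are hypothetical.

# List findings without echoing the secret values themselves.
scan_bundle() {
    # PEM private keys (RSA, EC, PKCS#8, encrypted PKCS#8 headers).
    grep -rlE -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1" 2>/dev/null |
        sort | sed 's/^/PRIVATE_KEY /'
    # Uncommented shared-secret or key-password assignments, as file:line.
    grep -rnE '^[[:space:]]*(secret|private_key_password)[[:space:]]*=' "$1" 2>/dev/null |
        sort | sed -E 's/^([^:]+:[0-9]+):.*/SECRET \1/'
}

# Succeeds only when nothing was flagged.
bundle_is_clean() {
    [ -z "$(scan_bundle "$1")" ]
}

# Print one config file with secret values masked, for pasting into a post.
redact_file() {
    sed -E 's/^([[:space:]]*(secret|private_key_password)[[:space:]]*=[[:space:]]*).*/\1<REDACTED>/' "$1"
}

# Build a constructed bundle: the realm stanza from the message plus a fake key.
make_sample() {
    mkdir -p "$1/certs"
    cat > "$1/proxy.conf" <<'EOF'
realm DOMAINNAME {
       authhost        = DomainControler.OBLAN.LOCAL:1600
       secret            = testing123
}
EOF
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/certs/server.key"
    printf '%s\n' '# secret = commented out, so not flagged' > "$1/clients.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
scan_bundle "$demo"
bundle_is_clean "$demo" || echo "do not attach this bundle as-is"
redact_file "$demo/proxy.conf"
rm -rf "$demo"
```

Binary (DER) keys are not detected by the PEM header match, so key files are best left out of a bundle by name as well.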