Freeradius with Active Directory
Prashant A
dev1278977 at gmail.com
Mon Jun 16 14:31:06 CEST 2014
Hi Stefan,
Thanks for the reply.
I have already added that in my module.
program = "/usr/bin/ntlm_auth --request-nt-key --domain=mycompany.local
--username=%{mschap:User-Name} --password=%{User-Password}"
I am getting a valid response for
radtest -t mschap prashant Active at 123 localhost 0 testing123
-
Prashant
On Monday 16 June 2014 05:49 PM, Stefan Paetow wrote:
>
> Well, the message is very clear. There is no domain in the username.
>
> You can either try to enter 'DOMAIN\prashant' (where DOMAIN is the
> domain of your Active Directory) and let one of the modules deal with
> it, or you can modify the ntlm_auth command-line and specify it there.
>
> Stefan
>
> *From:*freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org
> [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org]
> *On Behalf Of *Prashant A
> *Sent:* 16 June 2014 13:06
> *To:* freeradius-users at lists.freeradius.org; dev1278977 at gmail.com
> *Subject:* Freeradius with Active Directory
>
> Hi All,
>
> I have followed the guide for integrating freeradius with active
> directory which is mentioned here,
>
> http://deployingradius.com/documents/configuration/active_directory.html
>
> So finally,
>
> radtest -t mschap prashant Active at 123 localhost 0 testing123
>
> Gives me the following output
>
> Sending Access-Request Id 40 from 0.0.0.0:54825 to 127.0.0.1:1812
> User-Name = 'prashant'
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 0
> Message-Authenticator = 0x00
> MS-CHAP-Challenge = 0x42b125cb7f6408b4
> MS-CHAP-Response =
> 0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392
> Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:54825
> length 84
> MS-CHAP-MPPE-Keys = 0x
> MS-MPPE-Encryption-Policy = Encryption-Allowed
> MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
>
> But when I try to log in from the webpage I am getting the following response
>
> (0) mschap : Client is using MS-CHAPv2
> (0) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None}
> --domain=%{%{mschap:NT-Domain}:-mycompany.local}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}
> (0) mschap : EXPAND --username=%{mschap:User-Name:-None}
> (0) mschap : --> --username=prashant
> (0) ERROR: mschap : No NT-Domain was found in the User-Name
> (0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
> (0) mschap : --> --domain=mycompany.local
> (0) mschap : Creating challenge hash with username: prashant
> (0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
> (0) mschap : --> --challenge=e5d49180d36eb904
> (0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
> (0) mschap : -->
> --nt-response=0000000e0000000000000000000000000000000000000000
> (0) ERROR: mschap : Program returned code (1) and output 'Logon
> failure (0xc000006d)'
> (0) mschap : External script failed.
> (0) ERROR: mschap : External script says: Logon failure (0xc000006d)
> (0) ERROR: mschap : MS-CHAP2-Response is incorrect
> (0) [mschap] = reject
> (0) } # Auth-Type MS-CHAP = reject
>
> Can somebody help me to understand what exactly the issue is? I am using
> FreeRADIUS Version 3.0.3 and Samba version 3.6.3.
>
> Thanks & Regards,
> Prashant
>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
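
A small Python helper for reading debug output like the one quoted in this thread, added here as an example and not part of the original messages or of FreeRADIUS: it extracts the arguments the mschap module expanded for ntlm_auth and flags values that look malformed. The function names and the "more than half zero bytes" heuristic are assumptions of this example; the sample input is constructed from the quoted log.

```python
import re

# Constructed input: mschap debug lines as quoted in the message above,
# with mail quoting, bold markers and line wrapping left in place.
SAMPLE = """\
> (0) mschap : EXPAND --username=%{mschap:User-Name:-None}
> (0) mschap : --> --username=prashant
> (0)*ERROR: mschap : No NT-Domain was found in the User-Name*
> (0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
> (0) mschap : --> --domain=mycompany.local
> (0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
> (0) mschap : --> --challenge=e5d49180d36eb904
> *(0) mschap : -->
> --nt-response=0000000e0000000000000000000000000000000000000000**
"""
# MS-CHAPv2 sizes (RFC 2759): 8-byte challenge hash, 24-byte NT-Response.
EXPECTED_BYTES = {"challenge": 8, "nt-response": 24}

def unwrap(text):
    """Strip mail quoting and bold markers; rejoin wrapped log records."""
    lines = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").replace("*", "").strip()
        if lines and line and not re.match(r"\(\d+\)", line):
            lines[-1] += " " + line          # continuation of previous record
        elif line:
            lines.append(line)
    return lines

def ntlm_auth_args(text):
    """Map each option to the value FreeRADIUS expanded it to ('-->' lines)."""
    return dict(re.findall(r"--> --([\w-]+)=(\S*)", "\n".join(unwrap(text))))

def findings(text):
    """Flag a defaulted domain and challenge/response values that look wrong."""
    args, out = ntlm_auth_args(text), []
    if any("No NT-Domain was found" in l for l in unwrap(text)):
        out.append("domain: not in User-Name, default used: " + args.get("domain", "?"))
    for opt, size in EXPECTED_BYTES.items():
        try:
            data = bytes.fromhex(args.get(opt, ""))
        except ValueError:
            out.append(opt + ": not valid hex")
            continue
        if len(data) != size:
            out.append(f"{opt}: {len(data)} bytes, expected {size}")
        elif data.count(0) > size // 2:      # heuristic chosen for this example
            out.append(f"{opt}: {data.count(0)} of {size} bytes are zero")
    return out
```

A genuine NT-Response is the output of three DES encryptions, so a value that is almost entirely zero bytes points at what the client sent rather than at the ntlm_auth command line.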