Freeradius with Active Directory
Stefan Paetow
Stefan.Paetow at ja.net
Mon Jun 16 14:56:05 CEST 2014
Ahhh, I failed to notice the bit there... Is your domain on the AD server 'MYCOMPANY' (based on your domain of 'mycompany.local')?
Use the NetBIOS name of the domain (the one you would see in the Windows domain selector in the Ctrl+Alt+Del screen).
Stefan
From: Prashant A [mailto:dev1278977 at gmail.com]
Sent: 16 June 2014 13:31
To: FreeRadius users mailing list; Stefan Paetow
Subject: Re: Freeradius with Active Directory
Hi Stefan,
Thanks for the reply.
I have already added that in my module.
program = "/usr/bin/ntlm_auth --request-nt-key --domain=mycompany.local --username=%{mschap:User-Name} --password=%{User-Password}"
I am getting a valid response for
radtest -t mschap prashant Active@123 localhost 0 testing123
-
Prashant
On Monday 16 June 2014 05:49 PM, Stefan Paetow wrote:
Well, the message is very clear. There is no domain in the username.
You can either try to enter 'DOMAIN\prashant' (where DOMAIN is the domain of your Active Directory) and let one of the modules deal with it, or you can modify the ntlm_auth command-line and specify it there.
Stefan
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org On Behalf Of Prashant A
Sent: 16 June 2014 13:06
To: freeradius-users at lists.freeradius.org; dev1278977 at gmail.com
Subject: Freeradius with Active Directory
Hi All,
I have followed the guide for integrating freeradius with active directory which is mentioned here,
http://deployingradius.com/documents/configuration/active_directory.html
So finally,
radtest -t mschap prashant Active@123 localhost 0 testing123
Gives me the following output
Sending Access-Request Id 40 from 0.0.0.0:54825 to 127.0.0.1:1812
User-Name = 'prashant'
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
MS-CHAP-Challenge = 0x42b125cb7f6408b4
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392
Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:54825 length 84
MS-CHAP-MPPE-Keys = 0x
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
But when I try to log in from the webpage I am getting the following response
(0) mschap : Client is using MS-CHAPv2
(0) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-mycompany.local} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap : --> --username=prashant
(0) ERROR: mschap : No NT-Domain was found in the User-Name
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap : --> --domain=mycompany.local
(0) mschap : Creating challenge hash with username: prashant
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap : --> --challenge=e5d49180d36eb904
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
(0) mschap : --> --nt-response=0000000e0000000000000000000000000000000000000000
(0) ERROR: mschap : Program returned code (1) and output 'Logon failure (0xc000006d)'
(0) mschap : External script failed.
(0) ERROR: mschap : External script says: Logon failure (0xc000006d)
(0) ERROR: mschap : MS-CHAP2-Response is incorrect
(0) [mschap] = reject
(0) } # Auth-Type MS-CHAP = reject
Can somebody help me to understand what exactly the issue is? I am using FreeRADIUS Version 3.0.3 and Samba version 3.6.3.
Thanks & Regards,
Prashant
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
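Added example (not part of the thread and not FreeRADIUS code): a small triage script for the mschap debug output quoted above, reporting which domain ntlm_auth actually received and why the attempt was rejected. The function name triage and the "contains a dot means DNS name" check are assumptions of this example; the log lines are copied from the original post.

```python
import re

# Debug lines copied from the mschap output in the original post.
SAMPLE_LOG = """\
(0) mschap : Client is using MS-CHAPv2
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap : --> --username=prashant
(0) ERROR: mschap : No NT-Domain was found in the User-Name
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap : --> --domain=mycompany.local
(0) ERROR: mschap : Program returned code (1) and output 'Logon failure (0xc000006d)'
(0) [mschap] = reject
"""

ARG = re.compile(r"-->\s+--([\w-]+)=(\S*)")                  # expanded argument
FALLBACK = re.compile(r"EXPAND --domain=%\{.*:-([^}]+)\}")   # ":-default" part
EXIT = re.compile(r"Program returned code \((\d+)\) and output '(.*)'")
NO_DOMAIN = "No NT-Domain was found in the User-Name"

def triage(log):
    """Summarise one mschap/ntlm_auth attempt from debug output (hypothetical helper)."""
    r = {"args": {}, "domain_from_user": True, "fallback_domain": None,
         "exit_code": None, "output": None, "notes": []}
    for line in log.splitlines():
        if NO_DOMAIN in line:
            r["domain_from_user"] = False
        if (m := FALLBACK.search(line)):
            r["fallback_domain"] = m.group(1)
        if (m := ARG.search(line)):
            r["args"][m.group(1)] = m.group(2)
        if (m := EXIT.search(line)):
            r["exit_code"], r["output"] = int(m.group(1)), m.group(2)
    dom = r["args"].get("domain")
    if not r["domain_from_user"] and dom and dom == r["fallback_domain"]:
        r["notes"].append(f"User-Name had no domain; configured fallback {dom!r} was used")
    if dom and "." in dom:
        # Heuristic (assumption): a dotted value is probably the DNS domain name,
        # while the reply in the thread says to pass the NetBIOS domain name.
        r["notes"].append(f"{dom!r} looks like a DNS name, not a NetBIOS domain name")
    if r["exit_code"]:
        r["notes"].append(f"ntlm_auth exited {r['exit_code']}: {r['output']}")
    return r

if __name__ == "__main__":
    for note in triage(SAMPLE_LOG)["notes"]:
        print(note)
```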