freeradius and AD auth with option require-membership-of

Попов Александр pop5s at mail.ru
Wed Sep 10 07:39:45 CEST 2014



Hello, friends.
Ubuntu 14.04, freeradius 2.1.12+dfsg-1.1ubuntu0.1
I'm trying to authenticate a user through Active Directory (ntlm_auth) with the option --require-membership-of.
When I run it from the console with the option --require-membership-of='s-1-5-21-241991751-2423211274-3836920987-1626', everything goes well.
root@lf-mgr-02:/etc/freeradius# ntlm_auth --request-nt-key --domain=lenfi.ru --username=test2 --require-membership-of='s-1-5-21-241991751-2423211274-3836920987-1626'
Password:
NT_STATUS_OK: Success (0x0)

When I add this option in mschap, in debug I see:
Could not parse s-1-5-21-241991751-2423211274-3836920987-1626 into separate domain/name parts!
*** Error in `/usr/bin/ntlm_auth': free(): invalid pointer: 0x00007f13562b9e9c ***
Exec-Program output: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)
Exec-Program-Wait: plaintext: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)

When I try to add --require-membership-of=LENFI\\wirelessusers:
Could not parse LENFILM\WirelessUsers into separate domain/name parts!
*** Error in `/usr/bin/ntlm_auth': free(): invalid pointer: 0x00007f13562b9e9c ***
Exec-Program output: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)
Exec-Program-Wait: plaintext: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)

Please tell me whether it is possible to add this option (--require-membership-of) to the mschap config to authenticate users of an AD group.
Thank you!




----------------------------------------------------------------------

Best regards,
Попов Александр
pop5s at mail.ru