Help PLease
Michael Ströder
michael at stroeder.com
Mon Mar 30 23:40:48 CEST 2015
Adam Schappell wrote:
> # Executing section authorize from file
> /etc/raddb/sites-enabled/inner-tunnel
>
> +- entering group authorize {...}
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
What mech do you want to use in the inner channel (within EAP-TTLS)?
Since my OpenLDAP server only has hashed passwords I'm using PAP with
Auth-Type LDAP inside EAP-TTLS. pap seems not to be configured in your
inner-tunnel.
Your mileage may vary.
> [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> (sAMAccountName=CORP\5caschappell)
>
> [ldap] expand: dc=corp,dc=clearedgeit,dc=com ->
> dc=corp,dc=clearedgeit,dc=com
>
> [ldap] ldap_get_conn: Checking Id: 0
>
> [ldap] ldap_get_conn: Got Id: 0
>
> [ldap] performing search in dc=corp,dc=clearedgeit,dc=com, with filter
> (sAMAccountName=CORP\5caschappell)
>
> [ldap] object not found
Why the hell did you enter the user name with NETBIOS domain prefix?
FreeRADIUS is *not* a typical Windows component using the
Windows-CrackNames-API. So just enter "aschappell" (without the quotes) as
user name.
Sorry, you should try to read more of the numerous public how-tos describing
how to attach FreeRADIUS to MS AD and analyze which mechs are used.
(I'm also rather a FreeRADIUS beginner and I read many of those how-tos recently.)
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150330/e83b885c/attachment.bin>
More information about the Freeradius-Users
mailing list