FreeRadius - Wifi - Active directory (Eap-Peap-MSCHAP)
Milka Net
pierre at milkanet.be
Thu May 5 23:19:12 CEST 2016
Sorry about the "unreadable"....
so, for the guide: all works ...
and this "$ radtest -t mschap bob hello localhost 0 testing123 --> OK" is working great, successful:
My problem is when "the laptop" does send "domain\user and pass" ... to the radius..... (again, user pass works great)
Here is the freeradius -X, with better layout and readability:

rad_recv: Access-Request packet from host 10.2.103.17 port 59985, id=177, length=173
    User-Name = "galaxy\\test"
    NAS-Identifier = "44d9e7fc21c1"
    NAS-Port = 0
    Called-Station-Id = "46-D9-E7-FD-21-C1:FreeRadius"
    Calling-Station-Id = "00-1E-65-22-14-C2"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 0Mbps 802.11b"
    EAP-Message = 0x027300100167616c6178795c74657374
    Message-Authenticator = 0x3d46f71089cc7034c3a6636b891a17af
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[ntdomain] Looking up realm "galaxy" for User-Name = "galaxy\test"
[ntdomain] Found realm "GALAXY"
[ntdomain] Adding Stripped-User-Name = "test"
[ntdomain] Adding Realm = "GALAXY"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] = ok
[suffix] Request already proxied. Ignoring.
++[suffix] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Request already proxied. Ignoring.
++[suffix] = ok
[eap] EAP packet type response id 115 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 177 to 10.2.103.17 port 59985
    EAP-Message = 0x017400061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf1d729faf1a330fa1233dbe164274a4f
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.

Again, sorry, it was my first post ... ;-) Thanks
> Subject: Re: FreeRadius - Wifi - Active directory (Eap-Peap-MSCHAP)
> From: aland at deployingradius.com
> Date: Thu, 5 May 2016 17:14:13 -0400
> To: pierre at milkanet.be; freeradius-users at lists.freeradius.org
>
> On May 5, 2016, at 5:07 PM, Milka Net <pierre_dejong at hotmail.com> wrote:
> >
> > Hello,
> > I am trying to set a freeradius authentication against a MS Active directory for Wifi.
>
> Follow my guide:
>
> http://deployingradius.com/documents/configuration/active_directory.html
>
> > all went right:
> > - debian in AD
> > - net ads testjoin
> > - wbinfo -a test
> > - /usr/bin/ntlm_auth --request-nt-key --domain=DOM --username=u1 --password=thepassord
> > So basically: authenticating with an AD user is really fine.... even from a "windows 7" laptop is fine, AS LONG as I get prompted for the user/pass, and that I enter it in the form of USER/PASS
> > When I try to use the "automatic", so that it's the "laptop" that sends the credential, it does not work: it does send it as: DOMAIN\\USER.
> > domain: galaxy.priv
> > user: test
> > here is the freeradius -X output.
>
> Which is mangled and unreadable.
>
> > Would you guys have anything I could test?
> > Any advice would be welcome !
>
> Follow my guide, and it will work.
>
> Alan DeKok.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html