(freeradius 3) I'm trying to integrate freeradius with active directory in cenos 7.
Marcelo Martinez
marcelo.martinez at nexa.com.uy
Thu Sep 22 20:03:31 CEST 2016
Hello,
I'M trying to test radius with active directory administrator and radtest
is showing this error:
radtest -t mschap Administrator password localhost 0 testing123
(0) Error parsing "-": ip_hton: Temporary failure in name resolution
Radius is running without errors.
The client is joined to the ad domain and ntml_auth, winbind are ok:
ntlm_auth --request-nt-key --domain=TEST --username=Administrator
–password=xxxx
Password:
NT_STATUS_OK: Success (0x0)
systemctl status winbind
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor
preset: disabled)
Active: active (running) since mar 2016-09-20 17:50:35 EDT; 1 day 5h ago
Main PID: 1658 (winbindd)
Status: "winbindd: ready to serve connections..."
CGroup: /system.slice/winbind.service
├─1658 /usr/sbin/winbindd
├─1692 /usr/sbin/winbindd
├─1777 /usr/sbin/winbindd
├─1785 /usr/sbin/winbindd
├─1816 /usr/sbin/winbindd
└─1827 /usr/sbin/winbindd
net ads testjoin
Join is OK
Any help please?
Thanks.-
On Wed, Sep 21, 2016 at 9:55 AM, Johnny R [via FreeRADIUS] <
ml-node+s1045715n5742645h79 at n5.nabble.com> wrote:
> >I think all is working, but I don't know how to test freeradius with
> active
> >directory users on localhost (radius server)
>
> I think you might want to check first (following the how-to on the main
> page):
>
> 1. if ntlm_auth / or wbinfo is working fine
> 2. then just start radius in debugging mode and test with a live AD
> user.
>
> Just my 2 cents,
>
>
> Regards,
>
> v4s[at]#unrelated | "sh3ll is just the beginning"
>
>
>
>
>
> On Wed, Sep 21, 2016 at 3:47 PM, Marcelo Martinez <
> [hidden email] <http:///user/SendEmail.jtp?type=node&node=5742645&i=0>>
> wrote:
>
> > Hello,
> >
> > Thanks alan and other users for the help.
> > I think all is working, but I don't know how to test freeradius with
> active
> > directory users on localhost (radius server)
>
> Sorry for the dumb question.
>
> >
> > Any help please?
> >
> > Thanks.-
> >
> > On Mon, Sep 19, 2016 at 5:12 PM, Marcelo Martinez <
> > [hidden email] <http:///user/SendEmail.jtp?type=node&node=5742645&i=1>>
> wrote:
> >
> > > I fixed the issue with radtest.
> > >
> > > # radtest bob hello 127.0.0.1 0 testing123
> > > Sending Access-Request Id 154 from 0.0.0.0:47029 to 127.0.0.1:1812
> > > User-Name = 'bob'
> > > User-Password = 'hello'
> > > NAS-IP-Address = 192.168.72.22
> > > NAS-Port = 0
> > > Message-Authenticator = 0x00
> > > Received Access-Accept Id 154 from 127.0.0.1:1812 to 127.0.0.1:47029
> > > length 20
> > >
> > > Thanks.-
> > >
> > > On Mon, Sep 19, 2016 at 4:58 PM, Marcelo Martinez <
> > > [hidden email] <http:///user/SendEmail.jtp?type=node&node=5742645&i=2>>
> wrote:
> > >
> > >> winbind is running
> > >>
> > >> # systemctl status winbind
> > >> ● winbind.service - Samba Winbind Daemon
> > >> Loaded: loaded (/usr/lib/systemd/system/winbind.service;
> disabled;
> > >> vendor preset: disabled)
> > >> Active: active (running) since lun 2016-09-19 16:39:35 UYT; 4min
> 43s
> > >> ago
> > >> Main PID: 4752 (winbindd)
> > >> Status: "winbindd: ready to serve connections..."
> > >> CGroup: /system.slice/winbind.service
> > >> ├─4752 /usr/sbin/winbindd
> > >> └─4753 /usr/sbin/winbindd
> > >>
> > >> sep 19 16:39:35 prueba systemd[1]: Starting Samba Winbind Daemon...
> > >> sep 19 16:39:35 prueba winbindd[4752]: [2016/09/19 16:39:35.538056,
> 0]
> > >> ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache)
> > >> sep 19 16:39:35 prueba winbindd[4752]: initialize_winbindd_cache:
> > >> clearing cache and re-creating with version number 2
> > >> sep 19 16:39:35 prueba winbindd[4752]: [2016/09/19 16:39:35.542982,
> 0]
> > >> ../lib/util/become_daemon.c:124(daemon_ready)
> > >> sep 19 16:39:35 prueba winbindd[4752]: STATUS=daemon 'winbindd'
> > >> finished starting up and ready to serve connections
> > >> sep 19 16:39:35 prueba systemd[1]: Started Samba Winbind Daemon.
> > >>
> > >> My progress is fine...
> > >>
> > >> wbinfo -a Administrador%Passw0rd
> > >> plaintext password authentication failed
> > >> Could not authenticate user Administrador%Passw0rd with plaintext
> > password
> > >> challenge/response password authentication succeeded
> > >> [root at miem-radius-test raddb]# ntlm_auth --request-nt-key
> --domain=TEST
> > >> --username=Administrador --password=Passw0rd
> > >> NT_STATUS_OK: Success (0x0)
> > >>
> > >> but radtest is not working...
> > >>
> > >> radtest -t mschap bob hello localhost 0 testing123
> > >> -bash: radtest: command not found
> > >>
> > >> yum provides radtest
> > >> Complementos cargados:ps
> > >> miemrepo-base
> > >> | 3.6 kB 00:00:00
> > >> miemrepo-epel
> > >> | 4.3 kB 00:00:00
> > >> miemrepo-base/filelists_db
> > >> | 6.2 MB 00:00:00
> > >> miemrepo-epel/filelists_db
> > >> | 7.1 MB 00:00:00
> > >> freeradius-utils-3.0.4-6.el7.x86_64 : FreeRADIUS utilities
> > >> Repositorio : testrepo-base
> > >> Resultado obtenido desde:
> > >> Nombre del archivo : /usr/bin/radtest
> > >>
> > >>
> > >>
> > >> On Mon, Sep 19, 2016 at 4:34 PM, Matthew Newton [via FreeRADIUS] <
> > >> [hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5742645&i=3>> wrote:
> > >>
> > >>> On Mon, Sep 19, 2016 at 03:33:02PM -0300, Marcelo Martinez wrote:
> > >>> > Any help please?
> > >>>
> > >>> As per my last e-mail...
> > >>>
> > >>> Is winbind running?
> > >>>
> > >>> Matthew
> > >>>
> > >>>
> > >>> --
> > >>> Matthew Newton, Ph.D. <[hidden email]
> > >>> <http:///user/SendEmail.jtp?type=node&node=5742624&i=0>>
> > >>>
> > >>> Systems Specialist, Infrastructure Services,
> > >>> I.T. Services, University of Leicester, Leicester LE1 7RH, United
> > >>> Kingdom
> > >>>
> > >>> For IT help contact helpdesk extn. 2253, <[hidden email]
> > >>> <http:///user/SendEmail.jtp?type=node&node=5742624&i=1>>
> > >>> -
> > >>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
> > >>> /users.html
> > >>>
> > >>> ------------------------------
> > >>> If you reply to this email, your message will be added to the
> > discussion
> > >>> below:
> > >>> http://freeradius.1045715.n5.nabble.com/freeradius-3-I-m-try
> > >>> ing-to-integrate-freeradius-with-active-directory-in-cenos-
> > >>> 7-tp5742598p5742624.html
> > >>> To unsubscribe from FreeRADIUS, click here
> > >>> <http://freeradius.1045715.n5.nabble.com/template/
> > NamlServlet.jtp?macro=unsubscribe_by_code&node=2740692&code=
> > bWFyY2Vsby5tYXJ0aW5lekBuZXhhLmNvbS51eXwyNzQwNjkyfC0xNzQ0NzUzNjYy>
> > >>> .
> > >>> NAML
> > >>> <http://freeradius.1045715.n5.nabble.com/template/
> > NamlServlet.jtp?macro=macro_viewer&id=instant_html%
> > 21nabble%3Aemail.naml&base=nabble.naml.namespaces.
> > BasicNamespace-nabble.view.web.template.NabbleNamespace-
> > nabble.view.web.template.NodeNamespace&breadcrumbs=
> > notify_subscribers%21nabble%3Aemail.naml-instant_emails%
> > 21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
> > >>>
> > >>
> > >>
> > >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://freeradius.1045715.n5.nabble.com/freeradius-3-I-m-
> trying-to-integrate-freeradius-with-active-directory-in-cenos-7-
> tp5742598p5742645.html
> To unsubscribe from FreeRADIUS, click here
> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=2740692&code=bWFyY2Vsby5tYXJ0aW5lekBuZXhhLmNvbS51eXwyNzQwNjkyfC0xNzQ0NzUzNjYy>
> .
> NAML
> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
More information about the Freeradius-Users
mailing list