Help authenticating to Active Directory
Alan DeKok
aland at deployingradius.com
Sun Sep 3 19:23:59 CEST 2017
On Sep 3, 2017, at 1:12 PM, Jarett DeAngelis <jarett at bioteam.net> wrote:
>
> I am trying to set up FreeRADIUS such that it can authenticate users for OpenVPN via Active Directory and pass a challenge back for a one-time passcode for two-factor authentication. Step one is getting AD authentication working, which appears to work fine when I do an ntlm_auth check except that FreeRADIUS denies the login. Can someone help me figure out what I’m doing wrong?
Follow my guide: http://deployingradius.com/documents/configuration/active_directory.html
It will work.
> Here is a log of a radtest login:
...
> +group authorize {
> ++[preprocess] = ok
> [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=fakeuser
> [ntlm_auth] expand: --password=%{User-Password} -> --password=fakepassword
> Exec output: NT_STATUS_OK: Success (0x0)
> Exec plaintext: NT_STATUS_OK: Success (0x0)
> [ntlm_auth] Exec: program returned: 0
That's nice, but it doesn't tell the server that the user has been authenticated.
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> Failed to authenticate the user.
That should tell you something's wrong.
Follow the guide. It will work.
Alan DeKok.
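
The point made in the reply above, shown as a configuration sketch. This is an added example, not part of the original message: it assumes a FreeRADIUS 2.x file layout and PAP requests carrying User-Password, as in the quoted radtest log, and `/path/to/ntlm_auth` and `MYDOMAIN` are placeholders.

```conf
# raddb/modules/ntlm_auth  (exec module instance named "ntlm_auth")
# /path/to/ntlm_auth and MYDOMAIN are placeholders, not values from the thread.
exec ntlm_auth {
	wait = yes
	program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# raddb/users  (first entry; read by the "files" module during authorize)
# This entry is what sets Auth-Type, so the server knows which
# authenticate block to run for the request.
DEFAULT	Auth-Type = ntlm_auth

# raddb/sites-enabled/default
authorize {
	preprocess
	files          # applies the DEFAULT entry above
	# ntlm_auth is not listed here: running it in authorize only executes
	# the program and returns "ok"; it does not set Auth-Type, which is
	# why the quoted log ends with "No authenticate method (Auth-Type) found".
}

authenticate {
	ntlm_auth      # runs because Auth-Type = ntlm_auth; its exit code decides accept/reject
}
```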