FreeRadius, Eduroam, and me...
Alan DeKok
aland at deployingradius.com
Mon Jun 22 19:03:17 CEST 2020
On Jun 22, 2020, at 12:33 PM, Tim Young <Tim.Young at LightSys.org> wrote:
>
> As per some help from some of you all, I nuked the previous config and walked through configuring from scratch. I am getting a bit farther, but still have some issues. I am now testing through an eduroam web-sign-in, where the actual main requests will come from. It appears to successfully authenticate via ntlm_auth, but then rejects me.
OK.
> The below is an entirely different config than I had originally posted. I have done a search/replace on the user/domain/password just because I do not like dumping that info onto the internet.
Sure.
> ...
> (1) eap: No EAP-Message, not doing EAP
> (1) [eap] = noop
> (1) [files] = noop
> (1) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=my.domain.edu --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} --password=%{User-Password}:
> (1) ntlm_auth: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
> (1) ntlm_auth: --> --username=mytextusername
> (1) ntlm_auth: EXPAND --password=%{User-Password}
> (1) ntlm_auth: --> --password=mypassinplaintext
> (1) ntlm_auth: Program returned code (0) and output 'NT_STATUS_OK: The operation completed successfully. (0x0)'
> (1) ntlm_auth: Program executed successfully
> (1) [ntlm_auth] = ok
Why is ntlm_auth listed in the "authorize" section?
My guide is pretty clear on where it goes:
http://deployingradius.com/documents/configuration/active_directory.html
Alan DeKok.
More information about the Freeradius-Users
mailing list