FreeRadius, Eduroam, and me...

Alan DeKok aland at deployingradius.com
Mon Jun 22 19:03:17 CEST 2020


On Jun 22, 2020, at 12:33 PM, Tim Young <Tim.Young at LightSys.org> wrote:
> 
> As per some help from some of you all, I nuked the previous config and walked through configuring from scratch.  I am getting a bit farther, but still have some issues.   I am now testing through an eduroam web-sign-in, where the actual main requests will come from.  It appears to successfully authenticate via ntlm_auth, but then rejects me.

  OK.

> The below is an entirely different config than I had originally posted.  I have done a search/replace on the user/domain/password just because I do not like dumping that info onto the internet.

  Sure.

> ...
> (1) eap: No EAP-Message, not doing EAP
> (1)     [eap] = noop
> (1)     [files] = noop
> (1) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=my.domain.edu --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} --password=%{User-Password}:
> (1) ntlm_auth: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
> (1) ntlm_auth:    --> --username=mytextusername
> (1) ntlm_auth: EXPAND --password=%{User-Password}
> (1) ntlm_auth:    --> --password=mypassinplaintext
> (1) ntlm_auth: Program returned code (0) and output 'NT_STATUS_OK: The operation completed successfully. (0x0)'
> (1) ntlm_auth: Program executed successfully
> (1)     [ntlm_auth] = ok

  Why is ntlm_auth listed in the "authorize" section?

  My guide is pretty clear on where it goes:

http://deployingradius.com/documents/configuration/active_directory.html

  Alan DeKok.




More information about the Freeradius-Users mailing list