Oops! Thank you for pointing that out. I've changed that and now radiusd -X 
loads without errors.
On to the next stage of testing.
The end goal is to get our Cisco switches to back-off login requests to Active 
Directory via Freeradius.
We've got the switches talking to freeradius and can do local auth with a user 
on the freeradius server but now comes the tricky bit I think.
Thanks again for your help,
Mark.
________________________________________
From: freeradius-users-bounces+mark.whitmarsh=nhs....@lists.freeradius.org 
[freeradius-users-bounces+mark.whitmarsh=nhs....@lists.freeradius.org] On 
Behalf Of Phil Mayers [p.may...@imperial.ac.uk]
Sent: 10 March 2010 16:21
To: freeradius-users@lists.freeradius.org
Subject: Re: Freeradius with Active Directory

On 10/03/10 15:52, Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust)
wrote:
> Hi,
> I've included the ntlm_auth command line - is that what you meant by
>> can you cut and paste your ntlm_auth line
>
> ntlm_auth --request-nt-key --domain=XXX.local --username=XXX
> password:
> NT_STATUS_OK: Success (0x0)
>
> =======================================
> The /etc/raddb/modules/ntlm_auth file:
> # -*- text -*-
> #
> #  $Id$
> # NTLM module
> #
> #  To authenticate requests using AD.
> #


> ntlm_auth {
>                  wait = yes
>                  program = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX 
> --username=%{mschap:User-Name} --password=%{User-Password}"
>          }

This is wrong. The syntax is:

module {
   options
}

...or:

module instance-name {
   options
}

So you want:

exec ntlm_auth {
   options
}

The "--request-nt-key" option is redundant when doing plaintext
user/password check combos - it only applies to NTLM challenge/response.

Also, you are aware this config will only authenticate PAP requests, yes?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
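
Added example, not part of the original messages: the quoted stanza rewritten in the `exec ntlm_auth { ... }` form Phil describes, with `--request-nt-key` dropped because it is redundant for a plaintext check. `XXX` is the placeholder domain used in the thread; the remaining options are carried over unchanged from the quoted config.

```text
# modules/ntlm_auth
#
# "exec" is the module, "ntlm_auth" is the instance name.
exec ntlm_auth {
	wait = yes
	# Plaintext user/password check: this relies on User-Password,
	# so only PAP requests can be authenticated this way.
	program = "/usr/bin/ntlm_auth --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}"
}
```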
