Hello,
your password crypt key is used. not become in this ethereal can't recognize.


>       Auth-Type CHAP {
>               chap
>       }
> 
>       
>       Auth-Type MS-CHAP {
>               mschap
>       }


you must show the full and state this in the file
#ls /etc/raddact
#vi radius.conf
#vi clients.conf

best regards,

--
Ozgur Karatas
CCNA & Network Engineer
Linux System Administrator
ozgur (at) ozgurkaratas dot com

> ----- Original Message -----
> From: "Natalia Escalera" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" <[email protected]>
> Subject: Re: Freeradius + Microsoft Active Directory
> Date: Sat, 25 Feb 2006 11:53:20 -0600
> 
> 
> Hello Mr. DeKok
> 
> Thank you for the fast response.  The  password is clear-text.  We are
> using ethereal to debug why we are getting "Operations Error" on the
> Search Result.  The Operation Errors comment is the following:
> "In order to perform this operation a successful bind must be completed."
> 
> The search request on ethereal from Freeradius to the active directory
> gives the following:
> Message Type: Search Request
> Message Length:  96
> Response In: 469
> Base DN: dc=test, dc=prt
> Scope: subtree (0x02)
> Derefence: Never (0x00)
> Size Limit: 0
> Time Limit: 4
> Attributes only: False
> Filter: (&(objectclass=person)(sAMAccountName=%u))
> Attribute: uid ????we are not sending this attribute and we do not
> know where it is specified on Freeradius
> 
> Here are the settings given for LDAP module on radius.conf and user file:
> 
> #radius.conf
> ldap {
>               server="xxx.xx.xxx.xxx"
>               
>               identity ="" # If this is supposed to be the bind dn???
>               
>               password = "mypassword"
>               basedn ="dc=test,dc=prt"
> 
>               #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>               filter ="(&(objectclass=person) (sAMAccountName=%u))"
> 
>               # set this to 'yes' to use TLS encrypted connections
>               # to the LDAP database by using the StartTLS extended
>               # operation.
>               # The StartTLS operation is supposed to be used with normal
>               # ldap connections instead of using ldaps (port 689) connections
>               start_tls = no
> 
>               # tls_cacertfile        = /path/to/cacert.pem
>               # tls_cacertdir         = /path/to/ca/dir/
>               # tls_certfile          = /path/to/radius.crt
>               # tls_keyfile           = /path/to/radius.key
>               # tls_randfile          = /path/to/rnd
>               # tls_require_cert      = "demand"
> 
>               # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
>               # profile_attribute = "radiusProfileDn"
>               access_attr = "dialupAccess"
> 
>               # Mapping of RADIUS dictionary attributes to LDAP
>               # directory attributes.
>               dictionary_mapping = ${raddbdir}/ldap.attrmap
> 
>               ldap_connections_number = 5
> 
>               
>               timeout =5
>               timelimit =4
>               net_timeout =2
>               compare_check_items = yes
>               
>       }
> 
> authenticate {
>       
>       Auth-Type PAP {
>               pap
>       }
> 
>       
>       Auth-Type CHAP {
>               chap
>       }
> 
>       
>       Auth-Type MS-CHAP {
>               mschap
>       }
> 
>       
>       unix
> 
>       
>       
>       Auth-Type LDAP {
>               ldap
>       }
> 
>       
>       eap
> }
> 
> #users file
>       DEFAULT Auth-Type := LDAP
>       Fall-Through = 1
> 
> Can you please tell us if there is something wrong or if we are
> missing something on the configuration files?
> 
> Thanks in advance,
> Nataly
> 
> On 2/25/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > "Natalia Escalera" <[EMAIL PROTECTED]> wrote:
> > > I am setting up freeradius with Microsoft Active Directory. So far, I
> > > am able to connect to the server but not to authenticate a user. Can
> > > you  please give me a hint of how the configuration files need to be
> > > set in order to authenticate the user.
> >
> >  If the RADIUS packets have clear-text passwords, then the normal
> > LDAP module should work.  If you're using PEAP or MS-CHAP, read
> > "radiusd.conf", and use "ntlm_auth".
> >
> > > Also, what is "3D" used for? (Example: server =3D your.ad.server.org ...)
> >
> >  Nothing.  It's an artifact of stupid mailers.  3D is ASCII for '='.
> >
> >  Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> 



+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
   .-.      .-.    _              
   : :      : :   :_;             
 .-' : .--. : `-. .-. .--.  ,-.,-.
' .; :' '_.'' .; :: :' .; ; : ,. :
`.__.'`.__.'`.__.':_;`.__,_;:_;:_;

Kai "Ozgur" Geek
Network Engineer
PGP ID: B1B63B6E
+-+-+-+ END PGP SIGNATURE +-+-+-+
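
Added example (not part of the original thread and not FreeRADIUS code): a small Python check over the `ldap { }` block quoted above, flagging the empty `identity` (no bind DN, which matches the "a successful bind must be completed" error Active Directory returned on the search) and `start_tls = no`. It assumes a flat block of `key = value` lines; `parse_block` and `lint` are hypothetical helper names, and the sample input is constructed from the quoted settings.

```python
import re

# Constructed sample: the active settings from the ldap { } block quoted above.
SAMPLE = """
ldap {
        server = "xxx.xx.xxx.xxx"
        identity = "" # If this is supposed to be the bind dn???
        password = "mypassword"
        basedn = "dc=test,dc=prt"
        #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        filter = "(&(objectclass=person) (sAMAccountName=%u))"
        start_tls = no
}
"""

SETTING = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^#\s]*))')

def parse_block(text, name="ldap"):
    """Collect key/value pairs from a flat `name { ... }` block, skipping comments."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.fullmatch(re.escape(name) + r"\s*\{", line) is not None
        elif line == "}":
            break
        elif line and not line.startswith("#"):
            m = SETTING.match(line)
            if m:
                settings[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return settings

def lint(settings):
    """Return (code, message) findings for the directory connection settings."""
    findings = []
    if not settings.get("identity"):
        findings.append(("no-bind-dn",
            "identity is empty: the search runs without an authenticated bind"))
    if settings.get("start_tls", "no").lower() != "yes":
        findings.append(("cleartext-ldap",
            "start_tls is not 'yes': bind and user passwords cross the network unencrypted"))
    return findings

if __name__ == "__main__":
    for code, message in lint(parse_block(SAMPLE)):
        print(f"{code}: {message}")
```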

