Burton, Steven wrote:
-----Original Message-----
From:
[EMAIL PROTECTED]
ists.freer
adius.org
[mailto:freeradius-users-bounces+sburton=shepherd-construction
[EMAIL PROTECTED]
ts.freeradius.org]On Behalf Of Alan DeKok
Sent: 11 April 2006 16:28
To: FreeRadius users mailing list
Subject: Re: How do I set up simple AD integration?
"Burton, Steven" <[EMAIL PROTECTED]> wrote:
This stanza is a enclosed with the mschap section, still
nothing ventured....
I changed the line and unfolded it and ran radiusd -X. The first
request didn't match anything usefull and was rejected by System. I
tried again but ticked the box 'CHAP' on NTRadPing and got the
output:
You can't do CHAP to MS AD. It's impossible.
Alan DeKok.
My bad! I'd been staring at mschap all day and I saw chap and thought mschap.
I still hope to get 802.1x working with FR before I'm told to stop wasting time
and buy something :-) but after two and a half days (on and off) I'm no closer.
Steve,
I strongly suggest you start off doing PEAP against the 'users' file,
and once that's working get the domain stuff working.
It sounds to me like you're trying to do too much at once, and too many
things are broken for you to know where to start!
Once you've got PEAP working against the 'users' file, create a machine
account in the AD for the RADIUS server (using the Samba tools) and then
use the ntlm_auth program (that comes with Samba) to test standard
authentication.
Once you've got that far, it's just a matter of configuring FreeRADIUS
to use ntlm_auth. But you can worry about that later :-)
This isn't difficult, it's largely a matter of making sure you do the
right steps in the right order...
best regards, josh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
