Hello Alan You told: FreeRADIUS isn't used when a workstation joins a domain. It's used when a workstation tries to get network access. I'm agree with you because free radius will use samba to contact with AD to get or do anything with AD for authenticating process.
For your questions#:Are you using wireless for network access? Are you sure you understand what RADIUS does? 1/. I'm using wireless for network access. All wireless clients will be accessed network through authenticated with AD. It means authenticating "domain auth" (like LAN wire network) 2/. Radius will be used authenticating for user domain (this is my purpose).. And another thing I found you wrote in the email "Configuring FreeRADIUS to use ntlm_auth". The error is same with my error but my problem still happen. When i deleted line "Auth-Type = System" in users file in /etc/raddb, the authenticating happened unsuccessful. Here is messages was showed on the screen shot: rad_recv: Access-Request packet from host 192.168.200.100:32768, id=2, length=60 User-Name = "RW" User-Password = "123456" Message-Authenticator = 0x22438b18ab167a3829d92517fa60c34d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "RW", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 2 to 192.168.200.100 port 32768 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 2 with timestamp 489168b5 Nothing to do. Sleeping until we see a request. Could you please help me check my configuration on RAS server and give some advices? Thanks, Sang Le --- On Thu, 7/31/08, Alan DeKok <[EMAIL PROTECTED]> wrote: From: Alan DeKok <[EMAIL PROTECTED]> Subject: Re: Need help on Free Radius - can't authenticate for user domain. To: "FreeRadius users mailing list" <[email protected]> Date: Thursday, July 31, 2008, 3:14 AM Le Sang wrote: > This is the first time i configure the free radius to integrate with AD > on window 2k3. After i finished installing and setting up free radius i > can authenticate for user domain. But on workstation that was joined > into domain i can't auth for this user. On the screen shot when i run > command radiusd -X for debugging radius showed: no EAP message, not > doing EAP. I used ntlm_auth with samba for authentication user daomain. FreeRADIUS isn't used when a workstation joins a domain. It's used when a workstation tries to get network access. Are you using wireless for network access? Are you sure you understand what RADIUS does? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
