Have you verified that Samba was joined to your domain successfully
using wbinfo -t? You should see " checking the trust secret via RPC
calls succeeded"
If that is successful try:
[EMAIL PROTECTED] ~]# ntlm_auth --username your_user --password users_password
--domain your_ad_domain --request-nt-key
Should see: NT_STATUS_OK: Success (0x0)
If the two steps above aren't successful you will need to correct those
issues first before proceeding.
In the mschap module my ntlm_auth configuration is as follows:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Good luck.
-----Original Message-----
From:
[EMAIL PROTECTED]
g
[mailto:[EMAIL PROTECTED]
adius.org] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 19, 2008 3:40 PM
To: [email protected]
Subject: Re: autentication against active directory does not work
>i have read allready the documentation at
>http://deployingradius.com/documents/configuration/active_directory.htm
l
>
Read it again.
>my freeradius debug is pasted at
>
>http://pastebin.ca/1206001
>
1. You are using an outdated version of the server which has a default
entry in users file setting Auth-Type Sistem if all else fails. Upgrade
or at least comment that out since you have removed "unix" from the
configuration.
2. Read the obvious WARNING in the debug and fix that.
3. You have configured AD integration (ntlm_auth) in mschap module. And
then sent pap request. No wonder it's not working. Send mschap requests.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
