thanks 
---------------------------------

radtest luis x 127.0.0.1 0 123
Sending Access-Request of id 189 to 127.0.0.1 port 1812
        User-Name = "luis"
        User-Password = "x"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=189, length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with 
invalid signature (err=2)!  (Shared secret is incorrect.)  

that means that i need to config nas server ?
or do i need to config one more line in radiusd.conf ?
or means that account does not have ras access ?

now I'm receiving this 

rad_recv: Access-Request packet from host 127.0.0.1:44072, id=189, length=72
        User-Name = "luis"
        User-Password = 
"\324\322pv\373m\025\215d\005|j\230Ys,\271\323\014\344\234>^\206\270\335\305S\343\347>D"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "luis", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested 
action.
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the shared 
secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 189 to 127.0.0.1 port 44072
Waking up in 4 seconds...
-------------------------------

--- On Fri, 19/9/08, Kevin Smith <[EMAIL PROTECTED]> wrote:
From: Kevin Smith <[EMAIL PROTECTED]>
Subject: RE: autentication against active directory does not work
To: "FreeRadius users mailing list" <[email protected]>
Date: Friday, 19 September 2008 8:07

Have you verified that Samba was joined to your domain successfully
using wbinfo -t?  You should see " checking the trust secret via RPC
calls succeeded"

If that is successful try:

[EMAIL PROTECTED] ~]# ntlm_auth  --username your_user --password users_password
--domain your_ad_domain --request-nt-key

Should see: NT_STATUS_OK: Success (0x0)

If the two steps above aren't successful you will need to correct those
issues first before proceeding.

In the mschap module my ntlm_auth configuration is as follows:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Good luck.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 19, 2008 3:40 PM
To: [email protected]
Subject: Re: autentication against active directory does not work

>i have read already the documentation at 
>http://deployingradius.com/documents/configuration/active_directory.html
>

Read it again.

>my freeradius debug is pasted at 
>
>http://pastebin.ca/1206001
>

1. You are using an outdated version of the server which has a default
entry in users file setting Auth-Type System if all else fails. Upgrade
or at least comment that out since you have removed "unix" from the
configuration.

2. Read the obvious WARNING in the debug and fix that.

3. You have configured AD integration (ntlm_auth) in mschap module. And
then sent pap request. No wonder it's not working. Send mschap requests.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
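
Added example (not part of the original thread, and not FreeRADIUS code): a sketch of the RFC 2865 User-Password hiding and Response Authenticator computation, showing why a shared-secret mismatch produces both the "Unprintable characters in the password" warning and the "invalid signature" error in the output above. The client secret "123", the password "x" and id 189 come from the radtest run; the server-side secret "testing123" and the Request Authenticator are constructed values, and simulate() is a hypothetical helper.

```python
import hashlib
import hmac
import struct

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client side: RFC 2865 5.2 hiding, c(i) = p(i) XOR MD5(secret + c(i-1))."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same keystream, derived from the server's own secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return _md5(header, request_auth, attrs, secret)

def is_printable(data: bytes) -> bool:
    return all(32 <= b < 127 for b in data)

def simulate(client_secret: bytes, server_secret: bytes):
    """Return (password as the server sees it, whether the client accepts the reply)."""
    request_auth = bytes(range(16))           # constructed; normally random per request
    hidden = hide_password(b"x", client_secret, request_auth)
    seen = reveal_password(hidden, server_secret, request_auth)
    # Access-Reject: code 3, id 189, no attributes (length 20, as in the log)
    sent = response_authenticator(3, 189, b"", request_auth, server_secret)
    expected = response_authenticator(3, 189, b"", request_auth, client_secret)
    return seen, hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    for server_secret in (b"123", b"testing123"):   # second value is constructed
        seen, reply_ok = simulate(b"123", server_secret)
        print(server_secret, repr(seen), is_printable(seen), reply_ok)
```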
