--- El mar, 30/9/08, Alan DeKok <[EMAIL PROTECTED]> escribió:
De: Alan DeKok <[EMAIL PROTECTED]>
Asunto: Re: freeradius compiled version (lastest) against active directory
authentication
Para: [EMAIL PROTECTED], "FreeRadius users mailing list"
<[email protected]>
Fecha: martes, 30 septiembre, 2008 3:07
luis a wrote:
> I have everything seemingly well-configured to authenticate against
> Active Directory
> but I lack the parameters under which I use the default
> ntlm_auth module
What does that mean?
Have you tried my web site (deployingradius.com) ? It has a
"howto"
for configuring authentication against Active Directory.
i all ready read it and he does not work
check it out the output
------------------------------------
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 49964, id=37, length=72
User-Name = "luis"
User-Password = "x"
NAS-IP-Address = xx.xx.xx.x
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "luis", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[files] expand: %{Stripped-User-Name:-%{User-Name}} -> luis
that warning apered after i added the line to the user config file
DEFAULT Auth-Type = Local, Password == "stealme"
..
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "x"
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
-------------------
and also when i remplace
DEFAULT Auth-Type = System
i get this message .
rad_recv: Access-Request packet from host 127.0.0.1 port 50255, id=25, length=72
User-Name = "luis"
User-Password = "x"
NAS-IP-Address = xx.xx.xx.xx
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "luis", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[files] expand: %{Stripped-User-Name:-%{User-Name}} -> luis
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = System
+- entering group authenticate {...}
[unix] invalid password "luis"
++[unix] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> luis
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 25 to 127.0.0.1 port 50255
Waking up in 4.9 seconds.
Cleaning up request 0 ID 25 with timestamp +4
Ready to process requests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
