Phil Mayers wrote: >Garcia Herguedas, Unai wrote: >> Hi, >> >> I´m having a problem deploying a FreeRadius server to authenticate >> Wireless users with an Active Directory. >> >> >> >> If I execute in a shell the ntlm_auth with the same parameters as the >> log pointed I get an NT Key, so don´t really know why it's not >> working. I have tried varius solutions founded in internet without >> success. > >Are you sure that the radius daemon user has permissions to run winbind? >Check the permissions on /var/lib/samba/winbindd_privileged and also any >SELinux policy, if you're running an SELinux-enabled distro.
I don't have an /var/lib/samba/winbindd_privileged. I have /var/run/samba/winbindd_privileged which I assume is what you are referring. The permissionas are as follow: drwxr-x--- 2 root winbindd_priv 4096 2009-12-01 10:28 winbindd_privileged And the user freerad is part of the winbindd_priv group: winbindd_priv:x:105:freerad Don't have SELinux or AppArmor. >> BTW, The entire log is attached (edited user, challenge.....). If >> needed I can send conf files. > >That's not helpful. Please run "radiusd -X" and send the output of a >failing request. Please don't edit it unless you're certain the edits >are for irrelevant security-critical data (the mschap challenge & >response are not dangerous to disclose) The log that I attached previously was obtained with freeradius -X -xx -l /var/log/freeradius/radius.log - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
