On Mon, Mar 28, 2011 at 1:01 PM, Raheel Itrat <[email protected]> wrote:
>
> Well, even if I follow that guide it says to do a lot of things like as
> follows:
>
> "Create a file raddb/modules/ntlm_auth, and put the following text in it:
>
>         exec ntlm_auth {
>                 wait = yes
>                 program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
>         }"
>
> "You will also have to list ntlm_auth in the authenticate sections of each
> the raddb/sites-enabled/default file, and of the
> raddb/sites-enabled/inner-tunnel file"

AFAIK that guide was written with some assumptions in mind, like:
- users already know what AD is, know how to join new machines to the
  domain, and have sufficient access rights to do so
- users already know what samba is, and know how to integrate samba to
  an existing windows domain
- users are familiar enough with freeradius to create a basic working
  configuration (e.g. with users in /etc/raddb/users, authentication
  using PAP) using freeradius 2.1.x.

From a quick glance, I can't even tell what FR version you use (did you
run "freeradius -X", as suggested in the FAQ
http://wiki.freeradius.org/index.php/FAQ)

Also, your config file has something like this

program = "/etc/freeradius/modules/ntlm_auth

which is definitely wrong. For example, in ubuntu, the ntlm_auth prog is
/usr/bin/ntlm_auth, part of the winbind/winbind4 package.

So back to your problem, I suggest you do some checks first and make sure
you have all three of the above assumptions covered. If not, learn about
them first. After that (and correcting some obvious problems), start with
using "freeradius -X" to get the debug log.

-- 
Fajar
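
A quick way to check the program setting discussed in the reply above, as an added example that is not part of the original thread or of FreeRADIUS itself. The function names, the return codes and the config-directory argument are assumptions made for illustration, and the demo builds a throwaway config tree rather than touching a real raddb.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the "program" setting of a
# FreeRADIUS exec module file such as raddb/modules/ntlm_auth.

# Print the binary path: the first word of the program = "..." value.
# Also works when the closing quote is missing from that line.
exec_program_path() {
    sed -n 's/^[[:space:]]*program[[:space:]]*=[[:space:]]*"\{0,1\}\([^[:space:]"]*\).*/\1/p' "$1" | head -n 1
}

# check_exec_module FILE CONFDIR   (hypothetical helper)
# Returns 0 if the binary is usable, 1 if no program line was found,
# 2 if the path is not an executable file, 3 if it points into CONFDIR.
check_exec_module() {
    prog=$(exec_program_path "$1")
    if [ -z "$prog" ]; then
        echo "$1: no program setting found"; return 1
    fi
    case $prog in
        "$2"/*) echo "$1: $prog is inside the config tree, not a binary"; return 3 ;;
    esac
    if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
        echo "$1: $prog is not an executable file"; return 2
    fi
    echo "$1: $prog looks usable"
}

# Constructed demo: a temporary config tree whose module file points
# "program" at itself, the mistake pointed out in the reply.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/raddb/modules"
    printf 'exec ntlm_auth {\n\twait = yes\n\tprogram = "%s/raddb/modules/ntlm_auth\n}\n' "$d" \
        > "$d/raddb/modules/ntlm_auth"
    check_exec_module "$d/raddb/modules/ntlm_auth" "$d/raddb"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo exit status: $?"
```

On a real system the two arguments would be the module file and the raddb directory in use; a non-zero status means the path should be fixed before reading the "freeradius -X" output.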

