Hi Alan,

Thanks for your answers, and excuse me for my English full of mistakes.
2011/11/10 Alan DeKok <[email protected]>

> Alejandro Gandara wrote:
> > I'm authenticating users in RADIUS against LDAP, if I login from
> > computer with 802.1x configured and users and password taken from domain
> > automatic. I'm getting wrong authenticated because the login has the
> > following chain.
> >
> > DOMAIN\\Users
> >
> > How can I avoid that radius read the prefix?
>
> You should be able to authenticate using just the user name, using
> ntlm_auth. See the examples in raddb/modules/ntlm_auth
>

I'm reading about it. Thanks for this information.

>
> > I've tried to introduce the option prefix in /etc/sites-enable/default ,
> > but it's getting me back errors because of wrong way to introduce that
> > line.
>
> Yes. Don't define a realm. It won't work.
>
> Post the debug output. That helps, too.
>

This is my debug output:

rad_recv: Access-Request packet from host 172.20.40.28 port 1025, id=112, length=218
	Framed-MTU = 1480
	NAS-IP-Address = 172.20.40.28
	NAS-Identifier = "SW-INT-1-3"
	User-Name = "PRIVATE\\usertest"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 32
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "32"
	Called-Station-Id = "f0-62-81-05-33-40"
	Calling-Station-Id = "f0-4d-a2-bc-77-cd"
	Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "1"
	EAP-Message = 0x020a0012014f50544152455c62726f75636f
	Message-Authenticator = 0x055981a2c542df52f4c292042c89a019
[ldap] performing user authorization for usertest
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> usertest
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usertest)
[ldap] expand: dc=private,dc=loc -> dc=private,dc=loc
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 172.20.52.206:389, authentication 0
[ldap] bind as cn=raddbuser,dc=private,dc=loc/password to 172.20.52.206:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=pruebas,dc=loc, with filter (uid=usertest)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password == 0x3245334230434533423046383434414238374145393237384141453730393331
[ldap] looking for reply items in directory...
[ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "01"
[ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
[ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
[ldap] radiusFramedIPAddress -> Framed-IP-Address = 192.45.51.9
[ldap] user brouco authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 10 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
*[eap] Identity does not match User-Name, setting from EAP Identity.*
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [usertest/<via Auth-Type = EAP>] (from client privradius port 32 cli f0-4d-a2-bc-77-cd)
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
# Executing group from file /etc/freeradius/sites-enabled/default

Thanks for all, Alan.

Regards,
Alejandro Gándara

> Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
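
An added example, not part of the original message and not FreeRADIUS code: a Python check that parses an EAP-Response/Identity packet and compares its identity with the RADIUS User-Name, the comparison named by the "Identity does not match User-Name" line in the debug output above. The sample packet is constructed, the function names are hypothetical, and the reading that User-Name had already been rewritten to the stripped form before eap ran is an assumption.

```python
import struct

EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1  # RFC 3748 code and type values

def build_identity_response(ident: int, identity: str) -> bytes:
    """Build an EAP-Response/Identity packet, used here for constructed input."""
    data = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(data),
                         EAP_TYPE_IDENTITY)
    return header + data

def parse_eap_identity(eap_message: bytes) -> str:
    """Return the identity carried in an EAP-Response/Identity packet."""
    if len(eap_message) < 5:
        raise ValueError("EAP packet shorter than header + type")
    code, _ident, length, eap_type = struct.unpack("!BBHB", eap_message[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    if length < 5 or length > len(eap_message):
        raise ValueError("EAP length field does not fit the attribute")
    return eap_message[5:length].decode("utf-8", errors="replace")

def split_nt_domain(name: str):
    """Split 'DOMAIN\\user' into (domain, user); domain is None if absent."""
    domain, sep, user = name.partition("\\")
    return (domain, user) if sep else (None, name)

def compare(user_name: str, eap_message: bytes) -> str:
    """Classify how User-Name relates to the identity inside EAP-Message."""
    identity = parse_eap_identity(eap_message)
    if user_name == identity:
        return "match"
    # Same account, but only one side carries the DOMAIN\ prefix.
    if split_nt_domain(identity)[1] == split_nt_domain(user_name)[1]:
        return "prefix-mismatch"
    return "different-user"

# Constructed sample: the supplicant sends the identity with its domain prefix.
SAMPLE = build_identity_response(10, "PRIVATE\\usertest")

if __name__ == "__main__":
    for name in ("PRIVATE\\usertest", "usertest", "otheruser"):
        print(f"{name!r:22} -> {compare(name, SAMPLE)}")
```

A "prefix-mismatch" result means the two attributes name the same account and differ only in the DOMAIN\ part.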

