Tim,
Follow the instructions under "FreeRADIUS Configuration" (pg 29) exactly.
This will configure Samba and ntlm_auth to do authentication against your AD.
FreeRADIUS will happily do MSCHAP auth, used it for years in FR's predecessor
CistronRADIUS.
This is probably the only thing that I HAVEN'T screwed up while playing with
this thing ;^).
Once you have FR setup, create the RADIUS source like this:
Name: FreeRADIUS
Description: Authenticate against the local RADIUS server
Host: 127.0.0.1:18120 <-- Note the port, it's NOT the default for the
localhost RADIUS access!
Secret: testing123
You'll notice this is the stuff from the last test you run on the FR server
setup procedure. If that "radtest..." command gives you the correct result
(e.g. "Access-Accept" for good users, and "Access-Deny" for bad users), then
this will work as well.
Once that's done, create your rule(s) to set the user's role and access
duration.
Don
From: Palmer, Tim [mailto:[email protected]]
Sent: Thursday, June 06, 2013 4:13 PM
To: [email protected]
Subject: [PacketFence-users] Radius authentication
Hello all, hoping this isn't too silly a question.
I'm unclear on how the authentication sources work with freeradius.
Specifically:
* The included Radius source doesn't support mschap, as I was told in
answer to an earlier question
* So, if I need to authenticate against a Windows NPS system (PEAP), should
I not create a Radius source, and only configure freeradius to proxy the realms
I'm concerned with?
* Or should I have the Radius source and the proxy configuration, and if I
haven't gotten that to work, its my freeradius proxy config that's at fault,
not the presence of the Radius auth source?
Best regards,
Tim Palmer
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
