Tim,
I gave up on AD for right now and moved over to FR for all my authentication
against the AD Server. I'd like to get it to assign roles based on group
membership, but for right now I have some higher priority stuff to get working,
then I can come back and untangle the AD stuff.
Don

From: Palmer, Tim [mailto:[email protected]]
Sent: Friday, June 07, 2013 7:48 PM
To: [email protected]
Subject: Re: [PacketFence-users] Radius authentication

Don,
Thanks for responding in such detail - I'll give a look on Monday. I've been
fantasizing that I didn't need to do the full ntlm setup cause FR would
transparently proxy the authentication. Time to face reality, I suppose. The
Radius Source does work nicely directly to my NPS rig, but only for PAP.
Were you able to figure out your AD issue? You're trying to do role assignment
based on AD groups or something along those lines? That's my next step after
getting PF/FR talking to our NPS system.
tim

________________________________
From: Don Greer [[email protected]]
Sent: Friday, June 07, 2013 9:16 AM
To: [email protected]
Subject: Re: [PacketFence-users] Radius authentication

Tim,
Follow the instructions under "FreeRADIUS Configuration" (pg 29) exactly.
This will configure Samba and ntlm_auth to do authentication against your AD.
FreeRADIUS will happily do MSCHAP auth, used it for years in FR's predecessor
CistronRADIUS.
This is probably the only thing that I HAVEN'T screwed up while playing with
this thing ;^).
Once you have FR set up, create the RADIUS source like this:

Name: FreeRADIUS
Description: Authenticate against the local RADIUS server
Host: 127.0.0.1:18120 <-- Note the port, it's NOT the default for the localhost RADIUS access!
Secret: testing123

You'll notice this is the stuff from the last test you run on the FR server
setup procedure. If that "radtest..." command gives you the correct result
(e.g. "Access-Accept" for good users, and "Access-Deny" for bad users), then
this will work as well.
Once that's done, create your rule(s) to set the user's role and access
duration.
Don
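
The check that the "radtest..." step performs, written out as an added example (not part of the original message, and not PacketFence or FreeRADIUS code): a PAP Access-Request per RFC 2865 for the 127.0.0.1:18120 source and secret given above, with the reply's Response Authenticator verified before its code is trusted. Function names are hypothetical; RFC 2865 names the negative reply Access-Reject.

```python
# Added example. Function names are hypothetical; host, port and secret come from the message.
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject"}  # RFC 2865 reply codes

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2 User-Password hiding: XOR each 16-byte block with
    MD5(secret + previous ciphertext block); the first block uses the authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))   # at least one block, even if empty
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    authenticator = os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Verify the Response Authenticator before trusting the reply code."""
    if len(reply) < 20:
        raise ValueError("short reply")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("reply does not match request")
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad Response Authenticator (wrong secret or forged reply)")
    return CODES.get(code, f"code {code}")

def pap_check(user: bytes, password: bytes, secret: bytes = b"testing123",
              server=("127.0.0.1", 18120), timeout: float = 3.0) -> str:
    """Send one PAP Access-Request to the local RADIUS source and return the verdict."""
    request = build_request(os.urandom(1)[0], user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, server)
        reply, _ = sock.recvfrom(4096)
    return check_reply(reply, request, secret)

def constructed_reply(code: int, request: bytes, secret: bytes) -> bytes:
    """Constructed server reply (no attributes), for exercising check_reply offline."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()
```

A mismatched shared secret shows up as a failed authenticator check (or a timeout), not as a reject, which helps separate a bad secret from bad credentials.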

From: Palmer, Tim [mailto:[email protected]]
Sent: Thursday, June 06, 2013 4:13 PM
To: [email protected]
Subject: [PacketFence-users] Radius authentication

Hello all, hoping this isn't too silly a question.
I'm unclear on how the authentication sources work with freeradius.
Specifically:
* The included Radius source doesn't support mschap, as I was told in
answer to an earlier question
* So, if I need to authenticate against a Windows NPS system (PEAP), should
I not create a Radius source, and only configure freeradius to proxy the realms
I'm concerned with?
* Or should I have the Radius source and the proxy configuration, and if I
haven't gotten that to work, it's my freeradius proxy config that's at fault,
not the presence of the Radius auth source?
Best regards,
Tim Palmer