Re: Freeradius and Windows 2003 Active Directory Authentication (2)

2005-07-27 Thread Tim P
It sounded to me like you were saying I will never get radius to
authenticate vs my ldap directory.

Anyway I fixed the problem and now authenticate.  I needed to change
that users file to use LDAP as the DEFAULT Auth-Type and it now
authenticates.  I now have to figure out a L2TPNS problem I am having
(kills my network on startup) and get that to handle auth requests
which it passes to ldap via radius.

On 7/27/05, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Tim P <[EMAIL PROTECTED]> wrote:
> > I am trying to get a l2tpns server to authenticate to freeradius that
> > takes its userbase from windows 2003 active directory.  Are you
> > saying then that there is no way for me to use ldap as my user store?
> 
>   What part of my response was unclear?
> 
>   Alan DeKok.
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
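
The failure in the debug output posted in this thread can be read straight from the log: rlm_ldap authorizes the user, but Auth-Type System hands the password check to the unix module, which is what the users file change above addresses. The following is an added example, not part of the original posts or of FreeRADIUS; the function name diagnose and the result keys are assumptions of this sketch, and the sample lines are excerpted from the log in this thread.

```python
import re

# Lines excerpted from the radiusd -X output posted in this thread.
SAMPLE = '''\
users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "ldap" returns ok for request 0
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
'''

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
USERS = re.compile(r'users: Matched entry (\S+) at line (\d+)')

def diagnose(debug_text):
    """Summarise one request from debug output in the format shown in this thread."""
    result = {"authorize_ok": [], "authenticate": {}, "auth_type": None,
              "users_entry": None, "rejected": False, "findings": []}
    for line in debug_text.splitlines():
        if m := MODCALL.search(line):
            section, module, rcode = m.groups()
            if section == "authorize" and rcode in ("ok", "updated"):
                result["authorize_ok"].append(module)
            elif section == "authenticate":
                result["authenticate"][module] = rcode
        elif m := AUTH_TYPE.search(line):
            result["auth_type"] = m.group(1)
        elif m := USERS.search(line):
            result["users_entry"] = (m.group(1), int(m.group(2)))
        elif "Failed to validate the user" in line:
            result["rejected"] = True
    # Flag the mismatch: ldap found the user, another module checked the password.
    ran = sorted(result["authenticate"])
    if result["rejected"] and "ldap" in result["authorize_ok"] and "ldap" not in ran:
        hint = ""
        if result["users_entry"]:
            hint = "; check the Auth-Type on users entry %s (line %d)" % result["users_entry"]
        result["findings"].append(
            "ldap authorized the user, but Auth-Type %s sent the password check to %s%s"
            % (result["auth_type"], ", ".join(ran) or "no module", hint))
    return result

if __name__ == "__main__":
    r = diagnose(SAMPLE)
    print(r["auth_type"], r["authenticate"])
    for finding in r["findings"]:
        print("FINDING:", finding)
```
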


Re: Freeradius and Windows 2003 Active Directory Authentication (2)

2005-07-27 Thread Alan DeKok
Tim P <[EMAIL PROTECTED]> wrote:
> I am trying to get a l2tpns server to authenticate to freeradius that
> takes its userbase from windows 2003 active directory.  Are you
> saying then that there is no way for me to use ldap as my user store?

  What part of my response was unclear?

  Alan DeKok.


Re: Freeradius and Windows 2003 Active Directory Authentication (2)

2005-07-27 Thread Tim P
I am trying to get a l2tpns server to authenticate to freeradius that
takes its userbase from windows 2003 active directory.  Are you
saying then that there is no way for me to use ldap as my user store?

On 7/26/05, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Tim P <[EMAIL PROTECTED]> wrote:
> > I am having trouble getting my radius setup to authenticate to windows
> > 2003 active directory.
> 
>   That will work only for PAP, if that's all you need.
> 
> > radiusd.conf   - I didn't find a system or System auth type, did I
> > miss something?
> 
>   See the "users" file:
> 
> > users: Matched entry DEFAULT at line 152
> 
>   Alan DeKok.
>



Re: Freeradius and Windows 2003 Active Directory Authentication (2)

2005-07-26 Thread Alan DeKok
Tim P <[EMAIL PROTECTED]> wrote:
> I am having trouble getting my radius setup to authenticate to windows
> 2003 active directory.

  That will work only for PAP, if that's all you need.

> radiusd.conf   - I didn't find a system or System auth type, did I
> miss something?

  See the "users" file:

> users: Matched entry DEFAULT at line 152

  Alan DeKok.


Freeradius and Windows 2003 Active Directory Authentication (2)

2005-07-26 Thread Tim P
Previous post sent before I was done, here is the full post:

I am having trouble getting my radius setup to authenticate to windows
2003 active directory.

When using the following string:

radtest administrator "password" localhost 2 radiussecret

rad_recv: Access-Request packet from host 127.0.0.1:32775, id=240, length=65
User-Name = "administrator"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for administrator
radius_xlat:  '(sAMAccountName=administrator)'
radius_xlat:  'dc=company,dc=org'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to gtds-domcon.gtdsolutions.org:389, authentication 0
rlm_ldap: bind as cn=administrator,cn=Users,dc=company,dc=org/password
to domcon.company.org:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=company,dc=org, with filter
(sAMAccountName=administrator)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0





radiusd.conf   - I didn't find a system or System auth type, did I
miss something?


 ldap {
   server = "domcon.company.org"
   basedn = "dc=company,dc=org"
   filter = "(sAMAccountName=%u)"
   password_attribute = "userPassword"
   identity = "cn=administrator,cn=Users,dc=company,dc=org"
   password = password

 
 ldap    # this is enabled


 Auth-Type LDAP {
   ldap
 }



Freeradius and Windows 2003 Active Directory Authentication

2005-07-26 Thread Tim P
I am having trouble getting my radius setup to authenticate to windows
2003 active directory.

when using the following string "


  

radiusd.conf


  ldap {
server = "gtds-domcon.gtdsolutions.org"
basedn = "dc=gtdsolutions,dc=org"
filter = "(sAMAccountName=%u)"
password_attribute = "userPassword"
identity = "cn=administrator,cn=Users,dc=gtdsolutions,dc=org"
password = pantera

 
ldap
