Hi,
Someone can tell me where I can find a step-by-step instructions on
freeradius + Active Directory ?
Thank´s
--
Att,
Maiquel
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Does this help?
http://deployingradius.com/documents/configuration/active_directory.html
--
Blake Covarrubias
On Nov 8, 2012, at 3:09 PM, Maiquel Consalter maiquelconsal...@gmail.com
wrote:
Hi,
Someone can tell me where I can find a step-by-step instructions on
freeradius + Active
On 8 Nov 2012, at 22:09, Maiquel Consalter maiquelconsal...@gmail.com wrote:
Hi,
Someone can tell me where I can find a step-by-step instructions on
freeradius + Active Directory ?
http://lmgtfy.com/?q=deploying+freeradius+with+activedirectory
-Arran
-
List info/subscribe/unsubscribe?
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use b...@acme.edu instead b...@abc.acme.edu as
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use
On 13/10/2011 21:35, James J J Hooper wrote:
On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't
Hi,
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use b...@acme.edu instead b...@abc.acme.edu as username.
you shouldnt send your own sub domains
hi,
dont really care about config - radiusd -X output please
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yao Konou wrote:
Can you guide on how fix it .
Follow the documentation, including the documentation for what
information to post to the list.
This is a rar file with my user + ntlm_auth + mschap +
site-enable/default conf.
That information is probably useless.
Post the debug
@lists.freeradius.org
[mailto:freeradius-users-bounces+ykonou=amr-services@lists.freeradius.org]
De la part de Alan Buxey
Envoyé : mercredi 13 avril 2011 10:49
À : FreeRadius users mailing list
Objet : Re: unable to authenticate freeradius+AD
hi,
dont really care about config - radiusd
hi,
looks like PC not properly responding have you got the RADIUS server
CA on the client? (ie does the client know the CA and trust it?)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-users-bounces+ykonou=amr-services@lists.freeradius.org
[mailto:freeradius-users-bounces+ykonou=amr-services@lists.freeradius.org]
De la part de Alan Buxey
Envoyé : mercredi 13 avril 2011 11:12
À : FreeRadius users mailing list
Objet : Re: unable to authenticate freeradius+AD
hi,
looks like
@lists.freeradius.org
[mailto:freeradius-users-bounces+ykonou=amr-services@lists.freeradius.org]
De la part de Yao Konou
Envoyé : lundi 11 avril 2011 15:56
À : freeradius-users@lists.freeradius.org
Objet : unable to authenticate freeradius+AD
Hi all,
I need your help to fix a problem in an AD
Auftrag von Yao Konou
Gesendet: Dienstag, 12. April 2011 15:53
An: FreeRadius users mailing list
Betreff: RE: unable to authenticate freeradius+AD
SOS - is somebody around to HELP ME
Yao Thierry Konou
AMR SERVICES
11 Rue du Petit Châtelier CS90346
44303 NANTES CEDEX 3
Tel : 02 28 44 19 80 - Fax
Hi all,
I need your help to fix a problem in an AD configuration with Freeradius
My platform : Freeradius + samba + AD ( windows 2003).
The PB : unable to authenticate AD users
This the debug of the authentication of an AD user on the server
Regards.
Yao Thierry Konou
AMR SERVICES
11 Rue
Kleber Larroyd wrote:
If you can't be bothered to explain *why* you're doing this, and
*what* is going wrong, then we can't be bothered to read the reams of
data you posted.
It also helps to *read* the debug output. Really.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
On 09/13/2010 10:35 AM, Kleber Larroyd wrote:
Have any idea ? Where can i find the solution ?
When i trying connect (windows vista) freeradius server *with wireless over
access point* i get this error:
In the future please follow the instructions to send the *complete*
output of radiusd -X
Hi,
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
personally, I'd advise that you set those to yes rather than no.
File /etc/raddb/users
DEFAULT Auth-Type = ntlm_auth
you dont need to do this. ever. we
$ man unlang
This says put the string %{1} as the value of Stripped-User-Name.
See the data types' section of the manual page, and the strings section.
Got it ;)
Thanks for your help, fixed now.
btw. the unlang-way is quite more flexible than the legacy-module-way
Was this problem even
Matthew P wrote:
btw. the unlang-way is quite more flexible than the legacy-module-way
Yes. That's why it was written. But there is still a need for the
modules.
Was this problem even possible to solve without using unlang? (using
freeradius 1.x for an example)
Likely not.
Alan
In a general regexp language, I guess that could be done with
([\w.-]+)(?...@.*).
Most regexes don't support \w, or (?... constructs.
Keep it simple:
if (User-Name =~ /^(.*)@(.*)$/) {
# name = %{1}
# realm = %{2}
}
Makes sense now :) Thanks.
man regex is written mostly
Matthew P wrote:
But I guess I missed to point with doing it this way, because:
if (User-Name =~ /@mydomain.com/) {
if (User-Name =~ /^(.*)@(.*)$/) {
update request {
Stripped-User-Name = %{1}
$ man unlang
This says put the string %{1} as the value of
Matthew P wrote:
Although, now a new problem arrised - I can't seem to get the (stripped)
username in the inner-tunnel with preprocess.
So the username stays in the form - u...@mydomain.com, but that isn't
usable for a LDAP search (on the AD).
So... decode the user-name using a regex.
Jevos, Peter wrote:
How should look like the ntlm_auth file ? How should look like mschap
module ?
How should look like parameter --require-membership-of in these files
?
How should look like users file ?
These answers I was not able to find in any documentation
Read the URLs from the
Jevos, Peter wrote:
However I was not able to find in these links anything about the
--require-membership-of
See the man page for ntlm_auth. It is just a Unix command that can
be run, like anything else.
and the vpn cisco client example
(also find on these pages found nothing :)
Jevos, Peter wrote:
However I was not able to find in these links anything about the
--require-membership-of
See the man page for ntlm_auth. It is just a Unix command that can
be run, like anything else.
and the vpn cisco client example
(also find on these pages found nothing :)
That's
Thanks for your help Alan, it really makes a difference when learning about
Freeradius configuration.
So... decode the user-name using a regex. You can then use that in
the LDAP configuration. The LDAP user search is configurable for a
*reason*.
I forgot to mention that I need the user
Matthew P wrote:
I forgot to mention that I need the user portion of u...@mydomain.com for
sql too.
u...@mydomain.com only needs to be sent to the home server (in case the
user doesn't have @mydomain.com or @mydomain2.com). In another words,
both AD and DB contain usernames, without any
Jevos, Peter wrote:
Thank you alan,
yes i can check the man page ( to be honest, that was i afraid of : ),but i
was looking for the examples
Please also edit your replies. There is no need to leave the original
message at the top of your reply.
As i wrote in my first email, cisco is
Hello friends
I was reading few tutorials regarding the Cisco authetication against
Freeradius and Windows AD.
Actually I'm not really clever, because main tutorial on the main pages
is connected with the older version , and there are more version of the
Freradius 2.0, a bit different:
On Fri, Jul 2, 2010 at 6:43 PM, Jevos, Peter peter.je...@oriflame.com wrote:
Actually I’m not really clever, because main tutorial on the main pages is
connected with the older version , and there are more version of the
Freradius 2.0, a bit different:
Hi thank you for your email.
So as I said before , I have working ntlm_auth in the form of:
Linux#/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYNAME
--require-membership-of='DOMAIN+DOMAIN_GROUP'
That works from the command line.It returns OK status
So now, I have about 60
Jevos, Peter wrote:
How should look like the ntlm_auth file ? How should look like mschap module
?
How should look like parameter --require-membership-of in these files ?
How should look like users file ?
These answers I was not able to find in any documentation
Read the URLs from the
realm mydomain.com {
auth_pool = active_directory
You'll need a line:
nostrip
To avoid EAP identity issues.
This worked, thanks. Preprocess doesn't strip the username in the default
server and EAP works.
Although, now a new problem arrised - I can't seem to get the
Hello everyone!
I'm new to FreeRadius, so please bear with me. :)
Goal: Make FreeRadius look-up a user in ActiveDirectory if he has
mydomain.com domain.
Used method: EAP/TTLS (PAP in the tunnel)
This is how I've done it, but it doesn't give the wanted results, so please
explain a bit. :)
(it
Matthew P wrote:
I'm new to FreeRadius, so please bear with me. :)
Good questions are a very good start.
Goal: Make FreeRadius look-up a user in ActiveDirectory if he has
mydomain.com domain.
Used method: EAP/TTLS (PAP in the tunnel)
This is how I've done it, but it doesn't give the
Hi,
We are using freeRADIUS-1.1.6 talk with AD. It can work if we use
EAP-peap(mschap-v2). Now I want to use Leap in client. But got failed. Can
Leap + freeRADIUS + AD support in freeRADIUS-1.1.6 or new version?
Thanks.
John
John wrote:
Hi,
We are using freeRADIUS-1.1.6 talk with AD. It can work if we use
EAP-peap(mschap-v2). Now I want to use Leap in client. But got failed.
Can Leap + freeRADIUS + AD support in freeRADIUS-1.1.6 or new version?
LEAP requires that the access points support LEAP. They don't
Hello,
I install freeradius on WIN2003,i want use AD as user database,
how to config radiusd.conf? LDAP or NTLM_Auth?
I can not find NTLM_Auth on windows 2003 , LDAP=AD?
thanks !
miao
2009-06-03
miaowang
-
List
if you are using Microsoft Windows its a windows feature/problem that sends
the user/domain in a certain order.
as far as i can remember this is the way
domain\user
On 21/12/2007, Hangjun He [EMAIL PROTECTED] wrote:
Hi,
freeRADIUS version 1.1.6.
When I use DOMAIN\user format, Can work.
Hi,
freeRADIUS version 1.1.6.
When I use DOMAIN\user format, Can work.
When I use [EMAIL PROTECTED] format, Can not work. Why?
Thanks!
John
-
雅虎邮箱传递新年祝福,个性贺卡送亲朋! -
List info/subscribe/unsubscribe? See
Hi,
I have taken 1.1.6 version.
why? oh dear why?!? 1.1.7 is the latest 1.1.x release and its
there for many many reasons. i dont grab Linux 0.9 kernel if
i want to run a Linux server.
I am not very clear on configuring the files.
First we are going to do dummy testing.
for very very
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 31, 2007 1:49 PM
To: FreeRadius users mailing list
Subject: Re: freeradius + ad
Hi,
I have taken 1.1.6 version.
why? oh dear why?!? 1.1.7 is the latest 1.1.x release and its
there for many many
Whether the password given in Users file is a Encrypted password or
normal?
Clertext-Password is normal.
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
On a client which is sending radius packets. With servers IP address.
All these files should be
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 31, 2007 2:39 PM
To: FreeRadius users mailing list
Subject: RE: freeradius + ad
Whether the password given in Users file is a Encrypted password or
normal?
Clertext
Hi,
Whether the password given in Users file is a Encrypted password or
normal?
your choice!
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
yes - on the NAS itself. but if you're using radtest or radclient
then that software is a virtual NAS
Hi,
I did not get clearly where to configure the secret other than
/usr/local/etc/raddb/clients.conf file.
unless (UNLESS) you are using some other NAS authentication method
- eg sticking them into an SQL table for checking, clients.conf
is the ONLY place where the NAS secret needs to be
Alexsander wrote:
alan, do you already saw freeradius work with active directory??
do you have some example file?
http://deployingradius.com/documents/configuration/active_directory.html
BUT if you have ntlm_auth working from the command line, 99% of the
work is done.
Again, If ntlm_auth
alan, do you already saw freeradius work with active directory??
do you have some example file?
tkx
On 8/31/07, Alan DeKok [EMAIL PROTECTED] wrote:
Alexsander wrote:
yes, i took it from the site freeradius.org, version 1.1.7, is correct?
Yes... the changes in 1.1.2 (or so) mean that the
: freeradius + ad
Whether the password given in Users file is a Encrypted password or
normal?
Clertext-Password is normal.
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
On a client which is sending radius packets. With servers IP address.
All
?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, August 31, 2007 10:39 AM
To: FreeRadius users mailing list
Subject: Re: freeradius + ad
Alexsander wrote:
yes, i took it from the site freeradius.org, version 1.1.7, is
correct?
Yes
yes, i took it from the site freeradius.org, version 1.1.7, is correct?
On 8/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
Alexsander wrote:
1 - but freeradius don't prints out any message using ntlm_auth
(except this one: mschap: ntlm_auth =
/usr/bin/ntlm_auth...%{ntdomain} ...)
Are
Alexsander wrote:
yes, i took it from the site freeradius.org, version 1.1.7, is correct?
Yes... the changes in 1.1.2 (or so) mean that the entire command line
isn't being printed out. That should be fixed.
In the mean time, ntlm_auth is telling the server that the MSCHAP
authentication
Alexsander wrote:
how can I could know what kind of error it is?
What part of the error message is unclear?
AD account is ok (I'm using that)
the password works fine when I run ntlm_auth command manually:
ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9
password:
(Success)
1 - but freeradius don't prints out any message using ntlm_auth
(except this one: mschap: ntlm_auth =
/usr/bin/ntlm_auth...%{ntdomain} ...)
2 - the windows machine already on the network and logged on (with my
username), i'm just swap swtch port that this machine is connected -
swapping between
Alexsander wrote:
1 - but freeradius don't prints out any message using ntlm_auth
(except this one: mschap: ntlm_auth =
/usr/bin/ntlm_auth...%{ntdomain} ...)
Are you sure you're running a recent version? It SHOULD be printing
out the entire ntlm_auth command.
2 - the windows machine
Hi Alan,
how can I could know what kind of error it is?
AD account is ok (I'm using that)
the password works fine when I run ntlm_auth command manually:
ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9
password:
(Success)
On 8/24/07, Alan DeKok [EMAIL PROTECTED] wrote:
Alexsander
Alexsander wrote:
Hi Alan, this is complete log captured using:
...
radius_xlat: '--nt-response=b5064e14567ab057f0757ee512947c1a900138564585ef02'
Exec-Program output: Logon failure (0xc06d)
Yes, there's a lot of output in debugging mode.
Read it.
You're running ntlm_auth, and it's
hi joe,
see this:
s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP
--username=dadfh9
password:
[2007/08/17 07:35:26, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
NT_STATUS_OK: Success (0x0)
s8860ru01:/etc#
Hi,
hi joe,
see this:
s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP
--username=dadfh9
password:
[2007/08/17 07:35:26, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
NT_STATUS_OK: Success (0x0)
tks alan!
there is some way to force log show me what parameter it has passing
to ntlm_auth bin?
On 8/17/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
hi joe,
see this:
s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP
--username=dadfh9
password:
[2007/08/17
hi alan,
when I captured log I was using radiusd -X -A -y -z output.log
another thing:
I capture some pieces of output log:
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Domain'
radius_xlat: '--domain=REFAP'
radius_xlat: Running registered xlat function of module
hi alan,
enabling log_goodpass and log_badpass I took this lines:
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap:
Alexsander wrote:
hi alan,
enabling log_goodpass and log_badpass I took this lines:
rlm_mschap: External script failed.
And right before that in the log it shows you WHAT script it's
running, and WHY it failed.
If you want to solve the problem, don't delete every piece of useful
hi guys,
someone can help me do find my mistakes on freeradius configuration to use ad?
I have tried following this howto:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
but still not working.
output: radiusd -X -A -y -z output.log
tks a lot
Exec-Program output: Logon failure (0xc06d)
Exec-Program-Wait: plaintext: Logon failure (0xc06d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
those are prolly the lines of interest, your ntlm_auth is failing. try
it via the command line, once you get it working via
Hello All,
Could some one please tell me why ntlm_auth resurning OK with out
looking up the ADS .
I couldnt understand the debug.
On 5/1/07, shrikant Bhat [EMAIL PROTECTED] wrote:
Alan,
My intention is not argue, since I coudnt understand the debug I
posted the messege.
On 4/30/07, Alan
shrikant Bhat wrote:
Hello All,
Could some one please tell me why ntlm_auth resurning OK with out
looking up the ADS .
Ask the people who wrote ntlm_auth?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
Sorry I forgot to attach the radiusd.conf and debug results
***
..
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
It must be you. so your are the right person to tell me what is
causing ntlm_auth to send OK.
SB
On 5/2/07, Alan DeKok [EMAIL PROTECTED] wrote:
shrikant Bhat wrote:
Hello All,
Could some one please tell me why ntlm_auth resurning OK with out
looking up the ADS .
Ask the people who
shrikant Bhat wrote:
It must be you. so your are the right person to tell me what is
causing ntlm_auth to send OK.
Umm... no.
10 seconds of reading documentation would lead you to conclude that
ntlm_auth is part of the Samba project. I am not part of the Samba project.
Start reading
Why not try this? Worked for us.
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Note that the first thing configured is the Samba server. It doesn't
even mention installing the Freeradius server until after the Samba
configuration is completed.
Hi,
It must be you.
The deploying freeradius + AD is an excellent guide for the ntlm_auth method.
Im guessing it is because your ntlm_auth command is commented out in
the mschap part
On 5/2/07, Danner, Mearl [EMAIL PROTECTED] wrote:
Why not try this? Worked for us.
http://wiki.freeradius.org
Alan,
My intention is not argue, since I coudnt understand the debug I
posted the messege.
On 4/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
shrikant Bhat wrote:
I dont have the user in Active directory, yet free radius sends a
accept packet.
I did read the debug output, unlike you. It
Hi,
Any one who can help me with this ?
thanks in advance
SB
On 4/27/07, shrikant Bhat [EMAIL PROTECTED] wrote:
On Line 154 I have default Auth-Type = ntlm_auth. If I comment this
out I get the Access-reject packet.
thanks,
SB
On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Well,
shrikant Bhat wrote:
...
Yes I figured that. thanks for that. But the issues is the user I am
trying to authenticate is not listed in users file or in AD, so I dont
understand how is it authenticating this user.
I have attached debug .
Have you read the debug output?
...
radius_xlat:
I dont have the user in Active directory, yet free radius sends a
accept packet.
thanks
On 4/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
shrikant Bhat wrote:
...
Yes I figured that. thanks for that. But the issues is the user I am
trying to authenticate is not listed in users file or in
shrikant Bhat wrote:
I dont have the user in Active directory, yet free radius sends a
accept packet.
I did read the debug output, unlike you. It shows why. I told you
why. Stop arguing and read the debug output again, and my responses.
It's not FreeRADIUS. You have configured
Hello Alan,
I have built and installed 1.1.6 version of FreeRadius. When I test
using radtest it authenticates any user with any pasword, what I mean
by this is it doesnt seem to contact the ADS to lookup the user
information and authenticate. I have attached the debug
And what happens when you get Access-Request?
Dana 27/4/2007, shrikant Bhat [EMAIL PROTECTED] piše:
Hello Alan,
I have built and installed 1.1.6 version of FreeRadius. When I test
using radtest it authenticates any user with any pasword, what I mean
by this is it doesnt seem to contact the ADS
Yes I figured that. thanks for that. But the issues is the user I am
trying to authenticate is not listed in users file or in AD, so I dont
understand how is it authenticating this user.
I have attached debug .
thanks for the help.
On Line 154 I have default Auth-Type = ntlm_auth. If I comment this
out I get the Access-reject packet.
thanks,
SB
On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Well, it matched something in the users file:
users: Matched entry DEFAULT at line 154
Dana 27/4/2007, shrikant Bhat
Well, it matched something in the users file:
users: Matched entry DEFAULT at line 154
Dana 27/4/2007, shrikant Bhat [EMAIL PROTECTED] piše:
Yes I figured that. thanks for that. But the issues is the user I am
trying to authenticate is not listed in users file or in AD, so I dont
understand
Hi,
radius.conf as per the instructions, but radtest fails with Access-Reject .I
have attached the debug window output for reference.
no you havent. you've attached a tiny snippet of the debug output.
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting
shrikant Bhat wrote:
Hi,
I am trying to integrate freeradius with ADS 2003. I reffred to
http://deployingradius.com/documents/configuration/active_directory.html
http://deployingradius.com/documents/configuration/active_directory.html.
everything works perfectly fine till ( $ ntlm_auth
I tried with the following in the authenticate section
Auth-Type ntlm_auth {
mschap am not sure about the
protocol i need to use here
}
I have attached the debug window output
shrikant Bhat wrote:
I tried with the following in the authenticate section
Auth-Type ntlm_auth {
mschap am not sure about the
protocol i need to use here
The web page says to just put ntlm_auth in the authenticate
section. It doesn't say you need
My apologies for that mistake..
I have the following lines in modules section
exec ntlm_auth {
wait = no
program = /usr/bin/ntlm_auth --request-nt-key
--domain=MYDOMAIN.COM
--username=%{mschap:User-Name} --password=%{User-Password}
and I have ntlm_auth listed
shrikant Bhat wrote:
My apologies for that mistake..
I have the following lines in modules section
exec ntlm_auth {
wait = no
program = /usr/bin/ntlm_auth --request-nt-key
--domain=MYDOMAIN.COM
--username=%{mschap:User-Name} --password=%{User-Password}
Hi,
I am trying to integrate freeradius with ADS 2003. I reffred to
http://deployingradius.com/documents/configuration/active_directory.html
. everything works perfectly fine till ( $ ntlm_auth --request-nt-key
--domain=*MYDOMAIN* --username=*user* --password=*password*) I get
NT_STATUS_OK. I
Thank you so much Nikos!
-Original Message-
From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED]
Sent: Friday, June 30, 2006 4:57 PM
To: freeradius-users@lists.freeradius.org
Cc: Егоров Сергей
Subject: Re: FW: mpd+freeradius+AD
On Friday 30 June 2006 11:57, Егоров Сергей wrote:
Ok
Title: RE: FW: mpd+freeradius+AD
Ok, this is my users file
test Auth-Type := MS-CHAP
Framed-IP-Address = 192.168.10.65
DEFAULT Auth-Type := MS-CHAP
And this is freeradius log, then I connect to mpd via test account:
Login OK: [test/no User-Password attribute] (from client localhost
. How could I improve it?
use radius-ip
read more here /usr/local/share/doc/mpd/mpd22.html
-Original Message-
From: Nikos Vassiliadis [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 29, 2006 7:05 PM
To: Undisclosed.Recipients :
Cc: Егоров Сергей
Subject: Re: FW: mpd+freeradius+AD
: Егоров Сергей
Subject: Re: mpd+freeradius+AD
On Monday 26 June 2006 14:04, Егоров Сергей wrote:
Thanks for reply.
You can use one of the three firewalls avaliable in the base system(ipfw,
ipf and pf), however mpd comes with a small dictionary that uses
ipfw(8) and you can easily define
-users@lists.freeradius.org
Cc: Егоров Сергей
Subject: Re: mpd+freeradius+AD
On Monday 26 June 2006 14:04, Егоров Сергей wrote:
Thanks for reply.
You can use one of the three firewalls avaliable in the base system(ipfw,
ipf and pf), however mpd comes with a small dictionary that uses
ipfw(8
Hi all! I have completed setup of mpd+freeradius+AD
2003. Now my users authenticating from Active Directory, if they are members of
specific group. But I still have some questions:
How to
make a different timeouts for different groups in AD
How to appoint
special IP
On Monday 26 June 2006 09:55, Егоров Сергей wrote:
Hi all! I have completed setup of mpd+freeradius+AD 2003. Now my users
authenticating from Active Directory, if they are members of specific
group. But I still have some questions:
1.How to make a different timeouts for different groups
@lists.freeradius.org
Cc: Егоров Сергей
Subject: Re: mpd+freeradius+AD
On Monday 26 June 2006 09:55, Егоров Сергей wrote:
Hi all! I have completed setup of mpd+freeradius+AD 2003. Now my users
authenticating from Active Directory, if they are members of specific
group. But I still have some questions:
1
On Monday 26 June 2006 14:04, Егоров Сергей wrote:
Thanks for reply.
You can use one of the three firewalls avaliable in the base system(ipfw,
ipf and pf), however mpd comes with a small dictionary that uses
ipfw(8) and you can easily define some filter bound to an interface
(bound to a
Hi all! I have completed setup of mpd+freeradius+AD
2003. Now my users authenticating from Active Directory, if they are members of
specific group. But I still have some questions:
How to
make a different timeouts for different groups in AD
How to appoint
special IP
1 - 100 of 118 matches
Mail list logo
