I didn't use realms to get this working, I think realms is only if you are
going to use freeradius as a radius proxy.
If you want to authenticate users using their domain user and password, you
must get ntlm_auth working (search for it in radiusd.conf), but as Alan here
pointed out to me, it is best to make it work manually by typing something
like:
ntlm_auth --request-nt-key --username=<username> --password=<password> --domain=<DOMAIN>

But before I got this to work I had to configure and start the samba
service, and make the freeradius server join the domain.

The samba config for me is located here: /etc/samba/smb.conf, I changed only
two things:
workgroup = <your domain name>
wins server = <ip address to your wins server>

Start samba with (I think): service smbd start

I can't remember the command to join the domain, I'll have to get back to
you on that one.

ntlm_auth uses another program called winbindd in the background... It can
be difficult to make it work right, but read its log in
/var/log/samba/winbindd.log, and you'll understand.

I hope this is some of what you were looking for.

- Øystein
  

> -----Original Message-----
> From: Christoph Litauer [mailto:[EMAIL PROTECTED] 
> Sent: 11 October 2004 14:20
> To: [EMAIL PROTECTED]
> Subject: Re: using realm ntdomain fails
> 
> Alan DeKok wrote:
> > Christoph Litauer <[EMAIL PROTECTED]> wrote:
> > 
> >>I want to use realm ntdomain, but had no success so far. Debug output
> >>always says:
> >>modcall[authorize]: module "ntdomain" returns noop for request 47
> > 
> > 
> >   OK....
> > 
> > 
> >>     rlm_realm: Looking up realm "LAPLITAUER" for User-Name = 
> >>"LAPLITAUER\litauer"
> >>     rlm_realm: No such realm "LAPLITAUER"
> > 
> > 
> >   So... did you define that realm in "proxy.conf", or in the "realms"
> > file?  I'd bet that the answer is "no".
> > 
> >   Alan DeKok.
> 
> Thank you Alan, seems as if I still haven't understood how to 
> handle realms. So if you please could give a short tip how to 
> handle the following situation:
> 
> I want to authenticate my wlan users via PEAP using 
> ntlm_auth. This works if the windows users configure an 
> authentication with an empty domain. I still want users to be 
> able to use their windows logon and password. Unfortunately 
> this case prefixes the username with the domain (e.g. 
> LAPLITAUER\litauer). I want to discard the domain part. Is it 
> possible? Do I have to use realms?
> 
> Thanks in advance.
> --
> Regards
> Christoph
> ________________________________________________________________________
> Christoph Litauer                  [EMAIL PROTECTED]
> Uni Koblenz, Rechenzentrum,        http://www.uni-koblenz.de/~litauer
> Postfach 201602, 56016 Koblenz     Fon: +49 261 287-1311, Fax: -100 1311
> PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
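
Added example (not part of the original messages, and not FreeRADIUS or Samba code): one way to discard or override the domain prefix that Windows puts on the User-Name, as asked in the quoted message, and to run the manual ntlm_auth test from the reply without passing user input through a shell. The function names, the force_domain parameter, the reject list and the sample values are assumptions; only the four ntlm_auth options come from the thread.

```python
import re
import shutil
import subprocess

# Conservative reject list (assumption): control characters plus characters
# that are not valid in a Windows logon name.
_BAD = re.compile(r'[\x00-\x1f"/\\\[\]:;|=,+*?<>]')


def split_user_name(user_name):
    """Return (domain, user) for 'DOMAIN\\user', 'user@domain' or bare 'user'."""
    if "\\" in user_name:
        domain, user = user_name.split("\\", 1)
    elif "@" in user_name:
        user, domain = user_name.rsplit("@", 1)
    else:
        domain, user = "", user_name
    if not user or _BAD.search(user) or _BAD.search(domain):
        raise ValueError("unacceptable User-Name: %r" % user_name)
    return domain, user


def ntlm_auth_argv(user_name, password, force_domain=None, binary="ntlm_auth"):
    """Build the argument list for the manual test described in the reply.

    force_domain discards whatever prefix the client sent (for example a
    workstation name) and uses the given domain instead.
    """
    prefix, user = split_user_name(user_name)
    domain = prefix if force_domain is None else force_domain
    argv = [binary, "--request-nt-key", "--username=" + user,
            "--password=" + password]
    if domain:
        argv.append("--domain=" + domain)
    return argv


def check(user_name, password, force_domain=None):
    """Run ntlm_auth with an argument list (no shell); return (ok, output)."""
    argv = ntlm_auth_argv(user_name, password, force_domain)
    if shutil.which(argv[0]) is None:
        raise FileNotFoundError("ntlm_auth not found on PATH")
    # Caveat: --password is visible in the process list while the command
    # runs, so use this form for manual testing with a test account only.
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return done.returncode == 0, (done.stdout + done.stderr).strip()


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(ntlm_auth_argv("LAPLITAUER\\litauer", "secret", force_domain="EXAMPLE"))
```
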
