Softerra LDAP Browser helped with exploring the AD structure.

Relevant radiusd.conf
# MS-CHAP module excerpt. The command line below hands the challenge and the
# NT response to Samba's ntlm_auth helper, so the check is made against the
# domain rather than against a password stored on the RADIUS server.
mschap {
<snip>
# NOTE(review): going by its name, this works around clients that send
# DOMAIN\user but compute the response over the bare user name - confirm
# against the comments in the stock radiusd.conf.
with_ntdomain_hack = yes
# The value is presumably a single line in the real file and only wrapped here
# by the mail client. Each %{A:-B} expansion falls back to B when attribute A
# is absent, so a request without a user name is sent to ntlm_auth as "None".
# ntlm_auth needs winbindd running on a domain-joined host (see the smb.conf
# excerpt). The account radiusd runs as must be able to reach winbindd's
# privileged pipe; grant that through group membership rather than by
# loosening the directory's permissions.
ntlm_auth = "/usr/local/samba/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=
%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
<snip>
}

# LDAP module excerpt.
# NOTE(review): Active Directory does not normally hand out a usable password
# over LDAP, so with PEAP/MS-CHAPv2 this module can look the user up, but the
# password check itself has to go through ntlm_auth (mschap section).
ldap {
server = "x.x.x.x"
# 636 is the LDAPS port, i.e. TLS from the start of the connection.
port = 636
# Service account used for the search bind. Its password sits in this file in
# clear text: keep the file readable only by the radiusd account and use a
# dedicated, read-only, low-privilege directory account.
identity = "cn=ldapuser,dc=yourdomain,dc=com"
password = yourpassword 
# The placeholder here ("dc=domain") differs from the one in identity
# ("dc=yourdomain"); presumably both stand for the same real domain.
basedn = "dc=domain,dc=com"
# The user name from the request is substituted into the search filter.
# NOTE(review): confirm that your rlm_ldap version escapes LDAP filter
# metacharacters in that value. A single-term (&(...)) is equivalent to the
# bare term.
filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
# start_tls upgrades a plain LDAP connection; it is off here while port 636 is
# in use. NOTE(review): verify in the radiusd -X output or a packet capture
# that the bind really is encrypted.
start_tls = no
# CA material for verifying the directory server's certificate.
# NOTE(review): the file is named server.pem; make sure it holds the issuing
# CA certificate and not just a server certificate.
tls_cacertfile  = /usr/local/ssl/certs/server.pem
tls_cacertdir   = /usr/local/ssl/certs/
<snip>
}

# EAP excerpt. "eap.conf {" looks like shorthand for the file name; in the
# real eap.conf the enclosing section is presumably "eap { ... }".
eap.conf {
<snip on defaults>
# EAP method offered first; PEAP matches the Windows XP supplicant in the
# quoted question.
default_eap_type = peap
# Certificate material for the outer TLS tunnel.
tls {
# Keep the private key readable only by the account radiusd runs as.
private_key_file = /usr/local/ssl/bin/pluto.key
certificate_file = /usr/local/ssl/bin/pluto.crt
# Supplicants should be configured to trust the CA that issued
# certificate_file and to validate the server certificate. A client that
# accepts any certificate will complete the tunnel with a rogue access point
# and expose its MS-CHAPv2 exchange.
CA_file = /usr/local/ssl/certs/sausecure.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}

# NOTE(review): EAP-MD5 as the inner TTLS method needs a clear-text password
# on the server side, which Active Directory does not provide, so TTLS with
# these settings is unlikely to work against this backend.
ttls {
default_eap_type = md5
# Going by the option names: outer-request attributes are not copied into the
# tunnelled request, and the tunnelled reply is not used for the outer reply.
copy_request_to_tunnel = no
use_tunneled_reply = no
}
# Inner method for PEAP; MS-CHAPv2 is what the mschap/ntlm_auth setup checks.
peap {
default_eap_type = mschapv2
}
# Empty section: the mschapv2 EAP type is enabled with no options set here.
mschapv2 {
}
}


smb.conf -
# Samba/winbind settings (presumably from the [global] section). These make
# the host a domain member so that ntlm_auth can hand MS-CHAP checks to a
# domain controller.
workgroup = YOURDOMAIN
# Restricts which hosts may connect to this Samba instance.
# NOTE(review): "x.x.x.x." carries a trailing dot, which Samba reads as a
# network prefix; check the real value matches the intended host or subnet.
hosts allow = x.x.x.x. 127.
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): user enumeration is not obviously needed for ntlm_auth alone;
# consider whether it can stay off on a large domain.
winbind enum users = yes
winbind nested groups = no
winbind separator = +
winbind trusted domains only = no
winbind use default domain = no
winbind cache time = 10
# Domain-member mode: the host has to be joined to the domain before ntlm_auth
# will work.
security = domain
# "*" lets Samba locate a domain controller itself.
password server = *


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of AJ
Grinnell
Sent: Thursday, January 13, 2005 1:19 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: LDAP, PEAP, Active Directory issue

Does anyone have an example of radiusd.conf that will show the
following. I know this can be done.
Windows XP client --> 802.1x/PEAP --> Freeradius 1.0.1 --> Active
Directory
I have tried many different configs, yet I am still getting an error
with the password. I just need an example, please.
