Yohoo!
I have a (for me) strange problem with ntlm_auth.
I want to use freeradius as a proxy for authentication against ActiveDirectory. So I've installed winbind. "wbinfo -u" and "wbinfo -g" show me the user and group lists. Nice :)
I've configured freeradius like Alan DeKok showed in his posting from Tue Jul 12 18:33:05 CEST 2005:
-----------snip---------------
modules {
    ...
    exec win_domain {
        wait = yes
        input_pairs = request
        output_pairs = reply
        program = "ntlm_auth --username=\"%{User-Name}\" --password=\'%{User-Password}\' --domain=mydomain"
    }
    ...
}
Now list "win_domain" in the "authenticate" section, and add the following entry to the "users" file:
DEFAULT Auth-Type = win_domain
-----------snip---------------
When I start ntlm_auth on the command line:
server:/# /usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=mydomain
NT_STATUS_OK: Success (0x0)
All is ok. :)
Trying the same with radtest:
ldaptest02:/etc/raddb# radtest "_web" 'XXXXX!' localhost 10 testing123
Sending Access-Request of id 75 to 127.0.0.1:1812
User-Name = "_web"
User-Password = "XXXXX!"
NAS-IP-Address = ldaptest
NAS-Port = 10
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=75, length=20
Nothing is ok :-(
Logfiles:
-----------snip---------------
Nov 8 13:58:57 ldaptest radiusd: modcall: group authorize returns ok for request 8
Nov 8 13:58:57 ldaptest radiusd: rad_check_password: Found Auth-Type win_domain
Nov 8 13:58:57 ldaptest radiusd: auth: type "win_domain"
Nov 8 13:58:57 ldaptest radiusd: Processing the authenticate section of radiusd.conf
Nov 8 13:58:57 ldaptest radiusd: modcall: entering group Auth-Type for request 8
Nov 8 13:58:57 ldaptest radiusd: radius_xlat: '/usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=central'
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: /usr/bin/ntlm_auth --username='_webman' --password='XXXXX!' --domain=central
Nov 8 13:58:57 ldaptest radiusd: Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
Nov 8 13:58:57 ldaptest radiusd: Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: returned: 1
Nov 8 13:58:57 ldaptest radiusd: rlm_exec (win_domain): External script failed
Nov 8 13:58:57 ldaptest radiusd: modcall[authenticate]: module "win_domain" returns fail for request 8
-----------snip---------------
The line in the log is the same as the one I enter at the command line. Why is the answer different?
Thanks for your help and/or ideas for solving the problem!
Greetings from Germany
Christian
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
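A field-by-field comparison of the hand-typed ntlm_auth command with the command radiusd logged as executed, as an added example that is not part of the original post. The function names are hypothetical; the two inputs are copied from the post above.

```python
import re
import shlex

# Log lines copied from the post above.
LOG = """\
Nov 8 13:58:57 ldaptest radiusd: radius_xlat: '/usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=central'
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: /usr/bin/ntlm_auth --username='_webman' --password='XXXXX!' --domain=central
Nov 8 13:58:57 ldaptest radiusd: Exec-Program: returned: 1
"""
# Command typed by hand in the post above.
MANUAL = "/usr/bin/ntlm_auth --username='_web' --password='XXXXX!' --domain=mydomain"

# Matches only the "Exec-Program: /path args" line, not "returned:" or "output:".
EXEC_RE = re.compile(r"radiusd: Exec-Program: (/\S+ .*)$")


def executed_commands(log_text):
    """Return every command line radiusd logged as actually executed."""
    found = []
    for line in log_text.splitlines():
        match = EXEC_RE.search(line)
        if match:
            found.append(match.group(1))
    return found


def parse_options(command):
    """Split like a POSIX shell and return {option: value} for --name=value args."""
    options = {}
    for arg in shlex.split(command)[1:]:
        name, _, value = arg.partition("=")
        options[name] = value
    return options


def diff_options(manual, logged, secret=("--password",)):
    """Map option -> (manual value, logged value) for every option that differs."""
    a, b = parse_options(manual), parse_options(logged)
    changed = {}
    for name in sorted(set(a) | set(b)):
        if a.get(name) != b.get(name):
            # Report that a secret differs without echoing either value.
            pair = ("<redacted>", "<redacted>") if name in secret else (a.get(name), b.get(name))
            changed[name] = pair
    return changed


if __name__ == "__main__":
    for cmd in executed_commands(LOG):
        for option, (typed, ran) in diff_options(MANUAL, cmd).items():
            print(f"{option}: typed {typed!r}, radiusd ran {ran!r}")
```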