Yes I too would like some help with this. This is what I am trying to do:

1. authenticate via chap (from chillispot) to freeradius, using unix shadow passwords or pam..
   I followed the pam directions and it works fine for pap, but not chap..
2. also, would like to get it to work via AD (kerberos etc.)

A doc on this would be very helpful...

Dave

> On Mon, 21 Nov 2005, King, Michael wrote:
>
> > > Oh, excellent. I just joined this list hoping to query the
> > > members on finding more information on doing
> > > wireless+activedirectory+freeradius,
> > > unfortunately I could not find any good postings, or web
> > > toots/examples.
> >
> > Hi Robin, Welcome to the club.
> >
> > > I would need to use Microsoft IAS. Is this false ?
> > Yes, That particular example used Microsoft IAS, but it is not
> > required.
> >
> > > Are people
> > > using Active Directory successfully ?
> > Yes. Besides myself, there are many people on this list that are.
> >
> > > I have a linux box that
> > > is currently acting as a tacacs server while authenticating
> > > using winbind etc, and was hoping to make it a radius server as well.
> >
> > You are already 3/4 of the way there, since the trickiest part of my
> > freeradius setup was getting winbind to talk to activedirectory
> >
> > Depending on your Linux distribution, you will just have to install
> > freeradius. (Some distributions like Debian require a -disable-shared)
> >
> > Go thru the radiusd.conf and the eap.conf files, it's clearly commented
> > on what you need to configure.
> >
> > You'll see a section marked:
> > ntlm_auth = "/path/to/ntlm_auth ........(Trimmed)
> >
> > You might need to modify this to:
> > ntlm_auth = "/path/to/ntlm_auth --request-nt-key
> > --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain}
> > --challenge=%{mschap:Challenge:-00}
> > --nt-response=%{mschap:NT-Response:-00}"
> >
> > Don't hesitate to ask questions. There is a good Howto (unfortunately, I
> > don't have my bookmarks with me) but some others on the list hopefully
> > will post it.
>
> Yes winbind kerberos stuff works well, and I got it previously working to
> enable TAC_PLUS to do active directory authentication.
>
> If anyone knows the site with a good howto I would greatly appreciate it.
>
> Otherwise I am chugging along.
>
> I have gotten the windows program NTRadPing to authenticate non CHAP with
> a local UNIX account. I am not sure what fields I must enter to get
> MS-CHAP to test, or if there is even a difference between CHAP and
> MS-CHAP?
>
> Anyways I fuddled around with a bunch of different combinations and always
> get this in the logfile
>
> Auth: Login incorrect (rlm_chap: Clear text password not available):
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
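
Why the rlm_chap log line in this thread appears with shadow or PAM back ends, as an added example that is not part of the original messages: CHAP (RFC 1994) verification recomputes MD5 over the identifier, the password and the challenge, so the server needs the clear-text password, while PAP only needs a one-way hash to compare against. The function names, the sample values and the salted SHA-256 stand-in for a crypt(3) shadow entry are assumptions made for illustration.

```python
import hashlib
import hmac


def shadow_style_hash(password: bytes, salt: bytes) -> bytes:
    # Assumption: salted SHA-256 stands in for a one-way crypt(3) shadow hash.
    return hashlib.sha256(salt + password).digest()


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_pap(salt: bytes, stored_hash: bytes, submitted: bytes) -> bool:
    # PAP delivers the password itself, so the server can hash and compare.
    return hmac.compare_digest(shadow_style_hash(submitted, salt), stored_hash)


def verify_chap(ident: int, challenge: bytes, response: bytes, cleartext) -> bool:
    # CHAP delivers only a digest; the server must recompute it from clear text.
    if cleartext is None:
        raise LookupError("clear text password not available")
    return hmac.compare_digest(chap_response(ident, cleartext, challenge), response)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    password = b"constructed-example-password"
    salt = b"\x01" * 8
    stored = shadow_style_hash(password, salt)      # all a shadow file holds
    ident, challenge = 7, bytes(range(16))
    response = chap_response(ident, password, challenge)  # what the client sends

    results = {
        "pap_with_hash": verify_pap(salt, stored, password),
        "chap_with_cleartext": verify_chap(ident, challenge, response, password),
        # Using the stored hash as if it were the secret cannot match either.
        "chap_with_hash_as_secret": verify_chap(ident, challenge, response, stored),
    }
    try:
        verify_chap(ident, challenge, response, None)
        results["chap_hash_only"] = "verified"
    except LookupError as exc:
        results["chap_hash_only"] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```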