OK, where are the USER CREDENTIALS stored? The one described in the manual is Bind as User. That is, the User entry is added in the users file and, after using ntlm_auth, it is checked against an Active Directory or LDAP server backend using the NT LAN Manager authentication protocol.

For example:

Users file:
User Auth-Type := ntlm_auth

In Active Directory, the User should be a member. So, then ntlm_auth requests will be passed from your Server to the Active Directory or LDAP Server. Otherwise you will not set up ntlm_auth.

SYED

On Thu, Oct 9, 2008 at 12:58 PM, <[EMAIL PROTECTED]> wrote:

> OK, I have tested it with "radtest MyUser MyPassword localhost 0 testing123" and this is what the server gave back:
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92, length=58
>     User-Name = "MyUser"
>     User-Password = "MyPassword"
>     NAS-IP-Address = IP.OF.THE.SERVER
>     NAS-Port = 0
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "MyUser", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> MyUser
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 92 to 127.0.0.1 port 32793
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 92 with timestamp +3710
> Ready to process requests.
>
> Now what should I do?
> Thanks in advance.
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@lists.freeradius.org *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 12:12
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
> Hi,
> You can use radtest tool to check with the Server. The Server will return accept-accept message.
> Other tools include JRadius Simulator, as IVAN told, but I have not used it.
> Otherwise, if you have a native PEAP or TTLS client, you can send MSCHAP requests to use ntlm_auth with Active Directory or LDAP server backend (if you have).
>
> SYED
>
> On Thu, Oct 9, 2008 at 11:54 AM, <[EMAIL PROTECTED]> wrote:
>
> Thanks, now it works :)
>
> Now the last step: How can I test it? What tool/program etc. can/should I use to test it?
>
> "The radclient cannot currently be used to send this request, unfortunately, which makes testing a little difficult. If everything goes well, you should see the server returning an Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept> message as above."
>
> Kind regards
>
> Frederik Niedernolte
> -------------------------------------------------------
> arvato services
> An der Autobahn
> 33310 Gütersloh
> Germany
> http://www.arvato-services.de
> [EMAIL PROTECTED]
> Tel.: +49 (0)5241 80-40554
>
> arvato services GmbH: Registered office Gütersloh | District court Gütersloh HRB 3826 | Managing directors Ralf Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard Südmersen
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@lists.freeradius.org *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 11:44
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
> Hi Frederik,
>
> 1) Put User entry on *TOP* of users file.
> 2) In default file, in authenticate section, add *ntlm_auth*. Don't set using Auth-Type.
> 3) Also in Sites-enabled/inner-tunnel which is Virtual Server Inner Tunnel. Add *ntlm_auth* in Authenticate Section.
>
> I hope it will solve your problem.
> SYED
>
> On Thu, Oct 9, 2008 at 11:17 AM, <[EMAIL PROTECTED]> wrote:
>
> I have finished all steps till "*user* Auth-Type := ntlm_auth" from http://deployingradius.com/documents/configuration/active_directory.html.
>
> With this command I get this error message at the end of "/usr/sbin/freeradius -X":
>
> /etc/freeradius/users[1]: Parse error (check) for entry MyUser: Unknown value ntlm_auth for attribute Auth-Type
> Errors reading /etc/freeradius/users
> /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
> /etc/freeradius/sites-enabled/inner-tunnel[111]: Failed to find module "files".
> /etc/freeradius/sites-enabled/inner-tunnel[34]: Errors parsing authorize section.
> }
> }
> Errors initializing modules
>
> The authenticate section in the /etc/freeradius/sites-enabled/default looks like this (only important part):
>
> authenticate {
>     #
>     # NTML_AUTH authentication.
>     Auth-Type ntlm_auth {
>         ntlm_auth
>     }
>
> What is wrong and what can I do to solve the problem?
>
> Thanks in advance.
>
> Best regards, F. Niedernolte
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
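
Added example, not part of the original thread or written by any of its participants: a small triage script for the "freeradius -X" debug output quoted above. It collects what each module returned in the authorize group and flags the two messages that explain the Access-Reject. The function name triage and the finding labels are hypothetical; the sample lines are copied, abridged, from the quoted output.

```python
import re

# Constructed sample: lines copied (abridged) from the debug output quoted in the thread.
SAMPLE_DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
++[unix] returns notfound
++[files] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 92 to 127.0.0.1 port 32793
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
RETURN_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
REPLY_RE = re.compile(r"^Sending (Access-\w+)")


def triage(debug_text):
    """Summarise one request from debug output (hypothetical helper)."""
    group = None
    result = {"authorize": {}, "findings": [], "reply": None}
    for line in debug_text.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            group = m.group(1)  # track which section the server is in
        elif (m := RETURN_RE.match(line)) and group == "authorize":
            result["authorize"][m.group(1)] = m.group(2)
        elif "No authenticate method (Auth-Type)" in line:
            result["findings"].append("no-auth-type")
        elif 'No "known good" password' in line:
            result["findings"].append("no-known-good-password")
        elif m := REPLY_RE.match(line):
            result["reply"] = m.group(1)
    # Modules that did nothing for this user in authorize.
    result["inactive"] = sorted(
        mod for mod, rc in result["authorize"].items()
        if rc in ("noop", "notfound"))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_DEBUG))
```

On the quoted run, every authorize module except preprocess is reported as inactive, including files, and the request ends in Access-Reject with both findings set.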