Hi, I've included the ntlm_auth command line - is that what you meant by > can you cut and past your ntlm_auth line
ntlm_auth --request-nt-key --domain=XXX.local --username=XXX password: NT_STATUS_OK: Success (0x0) ======================================= The /etc./raddb/modules/ntlm_auth file: # -*- text -*- # # $Id$ # NTLM module # # To authenticate requests using AD. # ntlm_auth { wait = yes program = "/usr/bin/ntlm_auth --request-nt-key --domain=XXX --username=%{mschap:User-Name} --password=%{User-Password}" } ======================================= ======================================= Extract from /etc/raddb/sites-enabled/default # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. # Auth-Type LDAP { # ldap # } # # Allow EAP authentication. eap ntlm_auth } # # Pre-accounting. Decide which accounting type to use. # ======================================= ======================================= Extract from /etc/raddb/sites-enabled/inner-tunnel # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. # Auth-Type LDAP { # ldap # } # # Allow EAP authentication. eap ntlm_auth } ###################################################################### # # There are no accounting requests inside of EAP-TTLS or PEAP # tunnels. # ###################################################################### # Session database, used for checking Simultaneous-Use. Either the radutmp ======================================= Thanks, Mark. ________________________________________ From: freeradius-users-bounces+mark.whitmarsh=nhs....@lists.freeradius.org [freeradius-users-bounces+mark.whitmarsh=nhs....@lists.freeradius.org] On Behalf Of Alan Buxey [a.l.m.bu...@lboro.ac.uk] Sent: 10 March 2010 14:07 To: FreeRadius users mailing list Subject: Re: Freeradius with Active Directory Hi, > Everything works up to and including the command line test using ntlm_auth > but after I create the file raddb/modules/ntlm_auth > and make the changes to raddb/sites-enabled/default , > raddb/sites-enabled/inner-tunnel and the users file I get an error when > running radiusd -X can you cut and past your ntlm_auth line (comment out with XXX's any sensitive data) and the inner-tunnel and default config files - just the section around where you made changes - at least 20 lines before and after. (once again, comment out any sensitive values) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ******************************************************************************************************************** This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail ******************************************************************************************************************** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html