Hello I want to authenticate users against Active Directory for EAP-MSCHAPv2 and PAP. PAP is for a wireless web authentication redirection service that authenticates using PAP and its PAP I'm trying to debug not MSCHAP at present.
I've been following http://deployingradius.com/documents/configuration/active_directory.html All goes well until I get towards the end. Once I remove DEFAULT Auth-Type = ntlm_auth from users PAP stops working where do I add the configuration to allow PAP to continue with ntlm_auth rather than just failing? with the setting I get success Info: +- entering group authorize {...} Info: ++[preprocess] returns ok Info: ++[chap] returns noop Info: ++[mschap] returns noop Info: [suffix] No '@' in User-Name = "np", looking up realm NULL Info: [suffix] No such realm "NULL" Info: ++[suffix] returns noop Info: [eap] No EAP-Message, not doing EAP Info: ++[eap] returns noop Info: ++[unix] returns notfound Info: [files] users: Matched entry DEFAULT at line 1 Info: ++[files] returns ok Info: ++[expiration] returns noop Info: ++[logintime] returns noop Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Info: ++[pap] returns noop Info: Found Auth-Type = ntlm_auth Info: +- entering group authenticate {...} Info: [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=ID Info: [ntlm_auth] expand: --password=%{User-Password} -> --password=SECRET Debug: Exec-Program output: NT_STATUS_OK: Success (0x0) Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0) Debug: Exec-Program: returned: 0 Info: ++[ntlm_auth] returns ok Info: +- entering group post-auth {...} Info: ++[exec] returns noop Sending Access-Accept of id 243 to 158.143.207.212 port 42687 without it no ntlm is attempted Info: +- entering group authorize {...} Info: ++[preprocess] returns ok Info: ++[chap] returns noop Info: ++[mschap] returns noop Info: [suffix] No '@' in User-Name = "np", looking up realm NULL Info: [suffix] No such realm "NULL" Info: ++[suffix] returns noop Info: [eap] No EAP-Message, not doing EAP Info: ++[eap] returns noop Info: ++[unix] returns notfound Info: ++[files] returns noop Info: ++[expiration] returns noop Info: ++[logintime] returns noop Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Info: ++[pap] returns noop Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Info: Failed to authenticate the user. Info: Using Post-Auth-Type Reject Info: +- entering group REJECT {...} Info: [attr_filter.access_reject] expand: %{User-Name} -> ID Debug: attr_filter: Matched entry DEFAULT at line 11 Info: ++[attr_filter.access_reject] returns updated Info: Delaying reject of request 0 for 1 seconds Debug: Going to the next request Debug: Waking up in 0.9 seconds. Info: Sending delayed reject for request 0 Sending Access-Reject of id 7 to 158.143.207.212 port 53676 TIA, Neil Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html