Hello everyone!

I'm new to FreeRadius, so please bear with me. :)

Goal: Make FreeRadius look up a user in ActiveDirectory if he has the 
"mydomain.com" domain.
Used method: EAP/TTLS (PAP in the tunnel)

This is how I've done it, but it doesn't give the wanted results, so please 
explain a bit. :)
(it doesn't seem to load the local_ad virtual server configuration, which I 
placed in the sites-enabled directory; it seems to just carry on executing the 
default server)

parts from proxy.conf:
proxy server {
    default_fallback = no
}

home_server localhost_ad {
    type = auth
    virtual_server = local_ad
}

home_server_pool active_directory {
    type = fail-over
    virtual_server = local_ad
    home_server = localhost_ad
}

realm mydomain.com {
    auth_pool = active_directory
}

And the output:
rad_recv: Access-Request packet from host 192.168.0.101 port 1812, id=8,
length=138
    NAS-IP-Address = 192.168.0.101
    NAS-Port-Type = Async
    User-Name = "u...@mydomain.com"
    Service-Type = Framed-User
    Framed-MTU = 1500
    Calling-Station-Id = "00-11-22-33-44-55"
    EAP-Message =
0x0200001d016a73691d756e646363406c73732d6e65542e6c73732e6872
    Message-Authenticator = 0x10017179767a5ab6718168e8399c8993
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: Looking up realm "mydomain.com" for User-Name = 
"u...@mydomain.com"
    rlm_realm: Found realm "mydomain.com"
    rlm_realm: Adding Stripped-User-Name = "user"
    rlm_realm: Adding Realm = "mydomain.com"
    rlm_realm: Proxying request from user user to realm mydomain.com
    rlm_realm: Preparing to proxy authentication request to realm "mydomain.com"
++[suffix] returns updated
  rlm_eap: Request is supposed to be proxied to Realm mydomain.com. Not doing 
EAP.
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
There was no response configured: rejecting request 0
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> u...@mydomain.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request

Thanks in advance!
                                          