On 01/12/2012 04:08 PM, lmgo5991 wrote:
Hi Phil,

Thanks for your quick response.  Just to clarify what we have succeeded in to date:

   1. Install Samba done
   2. Join Samba to the domain done
   3. Start winbind done
   4. Configure FreeRADIUS to use ntlm_auth to check MSCHAP against the AD controllers done

After finding the updated changes for fr v2 we ran the radius -X and are now receiving the following:-


rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=193, length=256
         User-Name = "radldapu...@gcu.ac.uk"
         Calling-Station-Id = "00:24:2c:7a:d8:7d"
         Called-Station-Id = "00:26:cb:80:33:20:eduroam"
         NAS-Port = 29
         Cisco-AVPair = "audit-session-id=0a0105040000026d4f0f0224"
         NAS-IP-Address = 10.1.5.4
         NAS-Identifier = "CLIC_WiSM_A"
         Airespace-Wlan-Id = 9
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "914"
         EAP-Message = 0x0202001a017261646c64617075736572406763752e61632e756b
         Message-Authenticator = 0x569f3fe4b0f6cc0bacb1451b037bb5e3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapu...@gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Proxying request from user radldapuser to realm GCU.AC.UK
[suffix] Preparing to proxy authentication request to realm "GCU.AC.UK"
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm GCU.AC.UK.  Not doing EAP.
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
   WARNING: Empty pre-proxy section.  Using default return values.
Sending Access-Request of id 98 to 10.1.1.78 port 1812

This is a completely different config, behaving completely differently to your previous post. Now, you are proxying everything to an external server.

The proxy destination:

10.1.1.78

...isn't responding, which is why it isn't working.


We are trying to locate where we would reference our internal AD within either proxy.conf and/or clients.conf. or should ntlm do this automatically.....

I think you have made a fundamental misunderstanding.

If you are proxying a request, you are sending it to a different radius server. You don't "reference your AD servers" or use ntlm.

If you are proxying, the destination radius server does all the work.

What do you want to do here? Proxy, or authenticate? You can't do both.

If you want to authenticate, don't proxy. If you want to proxy, make the proxy destination reply.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
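
Added example, not part of the original thread and not FreeRADIUS code: a small Python script that reads `radiusd -X` output like the debug quoted above, records which requests the `suffix` module decided to proxy and to which destination, and lists those that never got a reply. It assumes replies from the proxy destination are logged in the same `rad_recv: ... packet from host ...` form as NAS requests; the second request in the sample (id=194) and its reply are constructed.

```python
import re

# Constructed sample: the first request uses lines from the debug output quoted
# in the thread; the second (id=194) and its reply are made up for contrast.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=193, length=256
[suffix] Proxying request from user radldapuser to realm GCU.AC.UK
[eap] Request is supposed to be proxied to Realm GCU.AC.UK.  Not doing EAP.
Sending Access-Request of id 98 to 10.1.1.78 port 1812
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=194, length=256
[suffix] Proxying request from user radldapuser to realm GCU.AC.UK
Sending Access-Request of id 99 to 10.1.1.78 port 1812
rad_recv: Access-Challenge packet from host 10.1.1.78 port 1812, id=99, length=64
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
PROXY = re.compile(r"\[suffix\] Proxying request from user \S+ to realm (\S+)")
SEND = re.compile(r"Sending Access-Request of id (\d+) to (\S+) port (\d+)")


def analyse(debug_text):
    """Return one dict per NAS request: proxied realm, destination, reply code."""
    requests, current, pending = [], None, {}
    for line in debug_text.splitlines():
        if m := RECV.search(line):
            code, host, port, pkt_id = m[1], m[2], m[3], int(m[4])
            if code == "Access-Request":
                # New request from a NAS; realm stays None if handled locally.
                current = {"nas": host, "id": pkt_id, "realm": None,
                           "home_server": None, "reply": None}
                requests.append(current)
            elif (host, port, pkt_id) in pending:
                # Reply from the proxy destination, matched on host, port and id.
                pending.pop((host, port, pkt_id))["reply"] = code
        elif (m := PROXY.search(line)) and current:
            current["realm"] = m[1]
        elif (m := SEND.search(line)) and current and current["realm"]:
            current["home_server"] = f"{m[2]}:{m[3]}"
            pending[(m[2], m[3], int(m[1]))] = current
    return requests


def unanswered(requests):
    """Proxied requests for which no reply from the destination was logged."""
    return [r for r in requests if r["home_server"] and r["reply"] is None]


if __name__ == "__main__":
    for r in unanswered(analyse(SAMPLE)):
        print(f"id={r['id']} proxied to {r['home_server']} ({r['realm']}): no reply")
```

A request with `realm` left as `None` was not proxied, so local modules such as `eap` and `mschap` are the ones that must authenticate it.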
