pam_winbind and pam_radius thru NT domains
Hi All, Good Day! My NT domains users can already login to my redhat 7.3 using the pam_winbind module. However, when I try to use it in my Cisco using a PAP authentication, I can't authenticate using NT domain users to cisco terminal server. When I check in cisco terminal server, the username and async modem stay only form around 15 seconds and hang up my RAS connections. See my logs below:- Do I need pam_radius module to enable to authenticate my RAS clients using freeradius for this kind of setup beside of my pam_winbindd modules? Any suggestion and advise are very welcome and appreciated. Many thanks. Ready to process requests. rad_recv: Access-Request packet from host 10.76.16.3:1645, id=12, length=76 NAS-IP-Address = 10.76.16.3 NAS-Port = 65 NAS-Port-Type = Async User-Name = jungab User-Password = s1langan Service-Type = Framed-User Framed-Protocol = PPP modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns ok rlm_realm: No '@' in User-Name = jungab, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 152 users: Matched DEFAULT at 157 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type SMB auth: type SMB modcall: entering group authtype Regards Jay Ungab Jardine Direct Company Inc - OSSC 3/F, Jardine Davies Building 222 Sen. Gil J. Puyat Avenue Makati City, Philippines Telephone: +63 2 8920190 extension 231 Voice/IP (from ATL Devon): 50-1110-231 Fax: +63 2 8939569 Network Team Mobile: +63 918 9225905 Email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
centralised authentication (freeradius using pam_windbind thru NT domains)
Hi All, I have a queries. The following scenario are already implemented in my heterogenous systems test site. I already centralise my authentication to use the NT domain using a pam_windbind module. Any NT domain users can login already to my unix box using the account in our NT domain machine server. My real problem persist are for my RAS authentication. I setup my freeradius using a redhat 7.3 OS to use the autheticate to my NT domains users database instead of creating each users or synchronizing the accounts in redhat box. In my pam.d configuration in radiusd and smb-auth, I add the entries below suggested in this list. ( see below of my entries). However, I can't successfully login to my NAS accounts when I try to dialin using the account of my NT domain user database. I also try to use the radtest utility if my account can authenticate using the NT domain user database but no success at all also. But using the redhat system account its work. Does anyone know where should I focus my troubleshooting? What authentication modules should be ideal for my setup using the freeradius? Any suggestion, pointers and advise are really appreciated. If anybody in this list successfully done this setup, please lean me your configurations. Many thanks in advance. radiusd: #%PAM-1.0 authrequired/lib/security/pam_securetty.so authrequired/lib/security/pam_stack.so service=smb-auth authrequired/lib/security/pam_nologin.so account required/lib/security/pam_stack.so service=smb-auth passwordrequired/lib/security/pam_stack.so service=smb-auth session required/lib/security/pam_stack.so service=smb-auth session optional/lib/security/pam_console.so smb-auth: #%PAM-1.0 authrequired/lib/security/pam_env.so authsufficient /lib/security/pam_winbind.so authrequired/lib/security/pam_deny.so account sufficient /lib/security/pam_winbind.so account required/lib/security/pam_unix.so passwordrequired/lib/security/pam_cracklib.so retry=3 type= passwordsufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow passwordrequired/lib/security/pam_deny.so session required/lib/security/pam_limits.so session required/lib/security/pam_unix.so Regards Jay Ungab Jardine Direct Company Inc - OSSC 3/F, Jardine Davies Building 222 Sen. Gil J. Puyat Avenue Makati City, Philippines Telephone: +63 2 8920190 extension 231 Voice/IP (from ATL Devon): 50-1110-231 Fax: +63 2 8939569 Network Team Mobile: +63 918 9225905 Email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html