Pam_krb5 - Active Directoy
Hi I'm trying to authenticate users with account existing in Active Directory with pam_krb5 and pam_ldap. I would like to know : 1/ Which file do you have to modifiy for configuring pam_krb5 (for saying pam_krb5 which is the IP of the Domain Controller ...) 2/ in file pam.d/radiusd , if i set only the line : authsufficient /lib/security/pam_krb5.so , will it work ? 3/in file radiusd.conf , you only have to uncomment the line : pam, in the authenticate section? 4/the error i have now is : modcall: entering group authenticate rlm_pam: Attribute "User-Password" is required for authentication modcall: group authenticate returns invalid auth:failed to validate user Thank you alot one more time _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Active Directory - rlm_ldap
Thank You for your answers. But I can't understand why rlm_ldap ask me for User-Password attribute. What do I have to do for rlm_ldap doesn't stop the authentication process because it doen't have a User-Password attribut ? in my case, rlm_ldap doesn't only do a LDAP bind with User/password entered by the supplicant. It does : FreeRADIUS Active Directory LDAP(Bind:User=admin , password=xxx) -> LDAP(Bind Succesfull) <- LDAP(Search:cn=usertoauthenticate)+list of radius attributes -> LDAP(Success:msNPAllowDialin=True) <- Then rlm_ldap make the erro message : Needs Attribute User-Password to authenticate I think rlm_ldap would like in the last LDAP packet that the Active Directory return a User-Password attribut. Why? Why not only trying to make an LDAP bind with user/password of the user to authenticate? Or how to turn rlm_ldap in this mode (if there is more than one mode in rlm_ldap) Thank you again _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Active Directory - rlm_ldap
Hi I want to authenticate users with username/password stored in an Active Directory server I can access the Active Directory from my freeRADIUS server via rlm_ldap module, i can search and find users into Active Directory, but i can't access the password (even in crypt form). Here is the error message : rlm_ldap: Attribute User-Password is required for authentication 1/ Which is the attribut that store users password in Active Directory ? 2/ With which algorythm the password is encrypted ? 3/ How to tell to rlm_ldap to check not User-Password attribut but another attribut? 4/ How to access this attribute (if possible) ? 5/ If not possible, how can i say to rlm_ldap to try to bind with the user/password pair i want to authenticate and if the bind is successful, to grant access to the user ? 6/ I don't want to use rlm_smb, and if possible not to use PAM (leaks memory) with Kerberos 7/ I don't want to proxy to an IAS server :) Thank You a lot P.S : i have read others mail about this problem but i can't find a way that work _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Hi I want to authenticate users with username/password stored in an Active Directory server I can access the Active Directory from my freeRADIUS server via rlm_ldap module, i can search and find users into Active Directory, but i can't access the password (even in crypt form). Here is the error message : rlm_ldap: Attribute User-Password is required for authentication 1/ Which is the attribut that store users password in Active Directory ? 2/ With which algorythm the password is encrypted ? 3/ How to tell to rlm_ldap to check not User-Password attribut but another attribut? 4/ How to access this attribute (if possible) ? 5/ If not possible, how can i say to rlm_ldap to try to bind with the user/password pair i want to authenticate and if the bind is successful, to grant access to the user ? 6/ I don't want to use rlm_smb, and if possible not to use PAM (leaks memory) with Kerberos 7/ I don't want to proxy to an IAS server :) Thank You a lot P.S : i have read others mail about this problem but i can't find a way that work _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User account in Active Directory and MD5-Challenge Authentication
Thakn You for your answer. The problem is that I can't find and access the attribut i need in Active Directory. I would like to use MD5-Challenge, so I have to make my LDAP search on which Active Directory attribut? Thanks a lot one more time _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User account in Active Directory and MD5-Challenge Authentication
Hello I would like to know if it was possible to make the authentication via Active Directory without using PAM and Kerberos Authentication. Thank you a lot _ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.ch - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html