Re: freeradius active directory integration fails with "no such realm"

2009-07-08 Thread Andrei-Florian Staicu

Alan DeKok wrote:

Andrei-Florian Staicu wrote:
  

Hello again. I've reached the output from here:
http://pastebin.com/d19f28a24 , and I still don't understand why it
doesn't call the ntlm_auth line



  It looks like you are adding a "Proxy-To-Realm := LOCAL".

...
  

 PEAP: Sending tunneled request
   EAP-Message = 0x02060018014950534f305c616e647265692e737461696375
   FreeRADIUS-Proxied-To = 127.0.0.1
   User-Name = "IPSO0\\andrei.staicu"
server inner-tunnel {
+- entering group authorize
   rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
   rlm_realm: Found realm "IPSO0"
   rlm_realm: Adding Stripped-User-Name = "andrei.staicu"
   rlm_realm: Adding Realm = "IPSO0"
   rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
++[mschap] returns noop
++[control] returns noop



  Why is that "update control" section there?  What is in it?


  

 rlm_eap: Request is supposed to be proxied to Realm LOCAL.  Not doing EAP.

  It's being proxied to realm LOCAL.  You have added a LOCAL realm.
Don't do that.

  

++[eap] returns noop
 WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!  Cancelling invalid proxy request.



  Even more proof.  The IPSO0 realm above is added because it exists.
The server does NOT add a "Proxy-To-Realm := LOCAL".  You have done
that.  Delete it from your configuration.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  

It works now. Thank you very much for clearing things up for me.
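Added example, not part of the original thread or of FreeRADIUS itself: a small Python triage of `freeradius -X` output that flags the three debug messages discussed above and pairs each with the fix given in the replies. The sample log is constructed from lines quoted in the thread; the tag names and the `triage` function are this example's own.

```python
import re

# Constructed sample, modelled on the debug lines quoted in this thread
# (including lines wrapped the way the mail client wrapped them).
SAMPLE_DEBUG = r'''
rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
rlm_realm: No such realm "IPSO0"
++[ntdomain] returns noop
rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm
NULL
rlm_realm: No such realm "NULL"
rlm_realm: Found realm "IPSO0"
rlm_eap: Request is supposed to be proxied to Realm LOCAL.  Not doing EAP.
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not
exist!  Cancelling invalid proxy request.
'''

# (pattern, tag, advice); tags and advice strings are this example's own.
RULES = [
    (re.compile(r'rlm_realm: No such realm "([^"]+)"'), "undefined-realm",
     "define a local realm in proxy.conf: realm {realm} {{ }}"),
    (re.compile(r"Request is supposed to be proxied to Realm (\S+?)\. +Not doing EAP"),
     "eap-skipped", "EAP did not run: request is marked for proxying to {realm}"),
    (re.compile(r"You set Proxy-To-Realm = (\S+?), but the realm does not exist"),
     "bad-proxy-to-realm", "delete the Proxy-To-Realm := {realm} assignment"),
]

def triage(debug_text):
    """Return [(tag, realm, advice)] in the order the messages appear."""
    # Wrapped lines are rejoined by collapsing all whitespace runs.
    flat = " ".join(debug_text.split())
    hits = []
    for pattern, tag, advice in RULES:
        for m in pattern.finditer(flat):
            realm = m.group(1)
            if tag == "undefined-realm" and realm == "NULL":
                # Fallback lookup after no '@' was found in User-Name.
                hits.append((m.start(), "null-realm-miss", realm,
                             "informational: User-Name has no '@' suffix"))
            else:
                hits.append((m.start(), tag, realm, advice.format(realm=realm)))
    return [(t, r, a) for _, t, r, a in sorted(hits)]

if __name__ == "__main__":
    for tag, realm, advice in triage(SAMPLE_DEBUG):
        print(f"{tag:20} {realm:6} {advice}")
```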


Re: freeradius active directory integration fails with "no such realm"

2009-07-08 Thread Andrei-Florian Staicu

Ivan Kalik wrote:

Ivan Kalik wrote:


One thing stands out though in the output of freeradius -X (only after
changing the order of suffix and ntdomain in sites-available/default
and radiusd.conf):
++[mschap] returns noop
rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
rlm_realm: No such realm "IPSO0"
++[ntdomain] returns noop
rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site;
this is internal and resolved as such by our dns)
I've tried for about two weeks now, but I still have no idea on how to
define the realm IPSO0.


Look at proxy.conf.

Ivan Kalik
Kalik Informatika ISP

  

Hello again

I tried defining the realm IPSO0 (probably wrong) and I see the requests
being proxied to it, but it finally fails



You have. It should be defined as local realm:

realm IPSO0 {
}

Ivan Kalik
Kalik Informatika ISP
  
Hello again. I've reached the output from here:
http://pastebin.com/d19f28a24 , and I still don't understand why it
doesn't call the ntlm_auth line



Re: freeradius active directory integration fails with "no such realm"

2009-07-07 Thread Andrei-Florian Staicu

Ivan Kalik wrote:

One thing stands out though in the output of freeradius -X (only after
changing the order of suffix and ntdomain in sites-available/default and
radiusd.conf):
++[mschap] returns noop
rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
rlm_realm: No such realm "IPSO0"
++[ntdomain] returns noop
rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site;
this is internal and resolved as such by our dns)
I've tried for about two weeks now, but I still have no idea on how to
define the realm IPSO0.



Look at proxy.conf.

Ivan Kalik
Kalik Informatika ISP
  

Hello again

I tried defining the realm IPSO0 (probably wrong) and I see the requests
being proxied to it, but it finally fails with Login incorrect (Home
Server says so): [IPSO0\\andrei.staicu/]

I put the output here http://pastebin.com/m516967e2 , should it help.
All I see in the output is ++[mschap] returns noop. Should the module
"do" something before failing?


Thanks



freeradius active directory integration fails with "no such realm"

2009-07-06 Thread Andrei-Florian Staicu

Hello all,

I tried to configure freeradius 2.0.4 on debian 5.0.2 (after recompiling 
with openssl support, as instructed in the debian readme) for 
authenticating wireless connections with wpa2-enterprise, using active 
directory user/password (windows xp as clients, d-link dwl 2200ap as ap's).
I followed the how-to from 
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO 
, but somehow I seem to fail.
I know I should post here the configurations and the output of
freeradius -X , but they are very long and I don't know what I should
select.


One thing stands out though in the output of freeradius -X (only after
changing the order of suffix and ntdomain in sites-available/default and
radiusd.conf):

++[mschap] returns noop
rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
rlm_realm: No such realm "IPSO0"
++[ntdomain] returns noop
rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site;
this is internal and resolved as such by our dns)
I've tried for about two weeks now, but I still have no idea on how to
define the realm IPSO0.


ntlm_auth works on that server:
ntlm_auth --request-nt-key --username andrei.staicu --domain IPSO0
password:
NT_STATUS_OK: Success (0x0)
(note on this: using ntlm_auth –-request-nt-key –-domain= 
–-username=  as in the howto doesn't seem to work, but 
ntlm_auth –-request-nt-key –-domain  –-username username> works)


Could you give me some pointers on how to continue? I've run out of
options with this one. If all the configuration files and all the output
of freeradius -X are required, I'll post them in a pastebin and link here.


Thanks in advance