Re: freeradius active directory integration fails with "no such realm"
Alan DeKok wrote:

Andrei-Florian Staicu wrote:

Hello again. I've reached the output from here: http://pastebin.com/d19f28a24 , and I still don't understand why it doesn't call the ntlm_auth line

It looks like you are adding a "Proxy-To-Realm := LOCAL".

...

    PEAP: Sending tunneled request
    EAP-Message = 0x02060018014950534f305c616e647265692e737461696375
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "IPSO0\\andrei.staicu"
    server inner-tunnel {
    +- entering group authorize
    rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
    rlm_realm: Found realm "IPSO0"
    rlm_realm: Adding Stripped-User-Name = "andrei.staicu"
    rlm_realm: Adding Realm = "IPSO0"
    rlm_realm: Authentication realm is LOCAL.
    ++[ntdomain] returns noop
    ++[mschap] returns noop
    ++[control] returns noop

Why is that "update control" section there? What is in it?

    rlm_eap: Request is supposed to be proxied to Realm LOCAL. Not doing EAP.

It's being proxied to realm LOCAL. You have added a LOCAL realm. Don't do that.

    ++[eap] returns noop
    WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.

Even more proof. The IPSO0 realm above is added because it exists. The server does NOT add a "Proxy-To-Realm := LOCAL". You have done that. Delete it from your configuration.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

It works now. Thank you very much for clearing things up for me.
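A triage script for the two failure signatures seen in this thread, added here as an example (it is not from any of the posters or from the FreeRADIUS project): it scans freeradius -X output for a realm that is not defined in proxy.conf and for a hand-set Proxy-To-Realm that makes the eap module skip the request. The finding names, the "(outer)" label and the treatment of a line starting with "}" as the end of a virtual-server block are assumptions of this example.

```python
import re

# Message formats copied from the debug output quoted in this thread.
RULES = [
    ("realm-not-defined", re.compile(r'rlm_realm: No such realm "([^"]+)"')),
    ("eap-skipped-for-proxy",
     re.compile(r'rlm_eap: Request is supposed to be proxied to Realm (.+?)\.\s+Not doing EAP')),
    ("proxy-to-undefined-realm",
     re.compile(r'You set Proxy-To-Realm = ([^,\s]+), but the realm does not exist')),
]
SERVER_OPEN = re.compile(r'^server (\S+) \{')

def triage(debug_text, benign_realms=("NULL",)):
    """Return sorted unique (finding, realm, virtual_server) tuples."""
    findings = set()
    server = "(outer)"               # label chosen for this example
    for raw in debug_text.splitlines():
        line = raw.strip()
        opened = SERVER_OPEN.match(line)
        if opened:
            server = opened.group(1)
        elif line.startswith("}"):   # assumed end of a virtual-server block
            server = "(outer)"
        for name, pattern in RULES:
            hit = pattern.search(line)
            # The NULL lookup only means the user name carried no '@'.
            if hit and not (name == "realm-not-defined"
                            and hit.group(1) in benign_realms):
                findings.add((name, hit.group(1), server))
    return sorted(findings)

# Sample input: lines taken from the two debug excerpts quoted in the thread.
FIRST_RUN = r'''rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
rlm_realm: No such realm "IPSO0"
++[ntdomain] returns noop
rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
rlm_realm: No such realm "NULL"
'''
SECOND_RUN = r'''server inner-tunnel {
rlm_realm: Found realm "IPSO0"
rlm_realm: Authentication realm is LOCAL.
rlm_eap: Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
'''

if __name__ == "__main__":
    for finding in triage(FIRST_RUN) + triage(SECOND_RUN):
        print(*finding, sep="\t")
```

A "realm-not-defined" finding points at proxy.conf; the two LOCAL findings point at an explicit Proxy-To-Realm assignment in the configuration, which is what had to be deleted here.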
Re: freeradius active directory integration fails with "no such realm"
Ivan Kalik wrote:

Ivan Kalik wrote:

One thing stands out though in the output of freeradius -X (only after changing the order of suffix and ntdomain in sites-available/default and radiusd.conf):

    ++[mschap] returns noop
    rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
    rlm_realm: No such realm "IPSO0"
    ++[ntdomain] returns noop
    rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
    rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site; this is internal and resolved as such by our DNS). I've tried for about two weeks now, but I still have no idea on how to define the realm IPSO0.

Look at proxy.conf.

Ivan Kalik
Kalik Informatika ISP

Hello again. I tried defining the realm IPSO0 (probably wrong) and I see the requests being proxied to it, but it finally fails

You have. It should be defined as local realm:

    realm IPSO0 {
    }

Ivan Kalik
Kalik Informatika ISP

Hello again. I've reached the output from here: http://pastebin.com/d19f28a24 , and I still don't understand why it doesn't call the ntlm_auth line
Re: freeradius active directory integration fails with "no such realm"
Ivan Kalik wrote:

One thing stands out though in the output of freeradius -X (only after changing the order of suffix and ntdomain in sites-available/default and radiusd.conf):

    ++[mschap] returns noop
    rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
    rlm_realm: No such realm "IPSO0"
    ++[ntdomain] returns noop
    rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
    rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site; this is internal and resolved as such by our DNS). I've tried for about two weeks now, but I still have no idea on how to define the realm IPSO0.

Look at proxy.conf.

Ivan Kalik
Kalik Informatika ISP

Hello again. I tried defining the realm IPSO0 (probably wrong) and I see the requests being proxied to it, but it finally fails with

    Login incorrect (Home Server says so): [IPSO0\\andrei.staicu/]

I put the output here http://pastebin.com/m516967e2 , should it help. All I see in the output is ++[mschap] returns noop. Should the module "do" something before failing?

Thanks
freeradius active directory integration fails with "no such realm"
Hello all,

I tried to configure freeradius 2.0.4 on Debian 5.0.2 (after recompiling with OpenSSL support, as instructed in the Debian readme) for authenticating wireless connections with WPA2-Enterprise, using Active Directory user/password (Windows XP as clients, D-Link DWL 2200AP as APs). I followed the how-to from http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO , but somehow I seem to fail.

I know I should post here the configurations and the output of freeradius -X, but they are very long and I don't know what I should select. One thing stands out though in the output of freeradius -X (only after changing the order of suffix and ntdomain in sites-available/default and radiusd.conf):

    ++[mschap] returns noop
    rlm_realm: Looking up realm "IPSO0" for User-Name = "IPSO0\andrei.staicu"
    rlm_realm: No such realm "IPSO0"
    ++[ntdomain] returns noop
    rlm_realm: No '@' in User-Name = "IPSO0\andrei.staicu", looking up realm NULL
    rlm_realm: No such realm "NULL"

IPSO0 is the realm name for the domain ipso.biz (not the public site; this is internal and resolved as such by our DNS). I've tried for about two weeks now, but I still have no idea on how to define the realm IPSO0.

ntlm_auth works on that server:

    ntlm_auth --request-nt-key --username andrei.staicu --domain IPSO0
    password:
    NT_STATUS_OK: Success (0x0)

(note on this: using ntlm_auth --request-nt-key --domain= --username= as in the howto doesn't seem to work, but ntlm_auth --request-nt-key --domain --username username> works)

Could you give me some pointers on how to continue? I've run out of options with this one. If all the configuration files and all the output of freeradius -X are required, I'll post them in a pastebin and link here.

Thanks in advance