Hi, thanks for the Help. Actually im decided to create a new VM and reinstall the complete Server. I`m following the complete How-To, but i`m getting two different Errors. The First One is this: It`s under the first Point: Configuring Authentification with Active Directory I`m startet the Samba and Kerberos Services und used this Command: net join -U MyAdministrator
> Worked. I`m getting this Message: Using short domain name -- MYDomain Joined 'UBUNTU' to realm 'MYDomain' The next Step wbinfo -a user%password works too, but i`m getting this Error-Message: Could not authenticate user Username%Password with plaintext password challenge/response password authentication succeeded Is this normal? How can I fix it? The Response seems to work correctly. The Second One is this: It`s the last Point on this Page: Configuring FreeRadius to use ntml_auth for MS-CHAP In this Step, i must edit the following line with this text in the file: /etc/freeradius/modules/mschap ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" But my default commented ntml_auth looks like this: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" In my default ntlm_auth, the option "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should i add it? Actually i`m using my default uncommented ntlm_auth. So, i`m going to test the MS-CHAP authentification reuqest with this command: $ radtest -t mschap bob hello localhost 0 testing123 And i`m getting this Error-Message: Sending Access-Request of id 251 to 127.0.0.1 port 1812 User-Name = "bob" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 MS-CHAP-Challenge = 0x01774f129c72245c MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000024ff68dcea66e8348622a45aa91804201f2102e9ecc0add6 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=251, length=38 MS-CHAP-Error = "\000E=691 R /etc/freeradius/users First Line: bob Cleartext-Password := "hello" # # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # .... @Mathieu Is there a current RADIUS-book that you can recommend? -- BeliarsFire
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html