unsubscribe
John Wan Project Manager (DMZ project), Information Technology Services Melbourne Business School T: +61 3 9349 8428 F: +61 3 9349 8433 M: 0419 349 339 Please consider the environment before printing this email > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Alan DeKok > Sent: Tuesday, 2 October 2007 3:06 PM > To: FreeRadius users mailing list > Subject: Re: Shared Secret > > Cesar De la Hoz wrote: > > I want to setup a Client in my server by only setting his IP, and not caring about the share secret he's using. Is this > possible ? > > No. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsubscribe
unsubscribe John Wan Please consider the environment before printing this email > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of [EMAIL PROTECTED] > Sent: Friday, 28 September 2007 9:02 AM > To: FreeRadius users mailing list > Subject: Re: same attribute for multiple users > > 1. Read instructions in users file. > > 2. Don't use User-Password. To find out what should you use - see 1. > > 3. Yes, that's what DEFAULT entries are for. To find out how - see 1. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 27/9/2007, "Sergio Del Pino" <[EMAIL PROTECTED]> piše: > > >Hi, I'm a newbie on freeradius, I need to send the same attribute to > >multiple users how can I do, I'm using freeradius.net 1.1.7 > my users > >files work this way > > > >user1User-Password == "pwusr1" > >user2User-Password == "pwusr2" > > > >usernUser-Password == "pwusrn" > > > > > >the attribute I need to send is > > Filter-Id="some_acl0.in" to any user that radius send > access-accept > > > >I want to know the config sintax in order to avoid this: > > > > > >user1User-Password == "pwusr1" > > Filter-Id="some_acl0.in" > >user2User-Password == "pwusr2" > > Filter-Id="some_acl0.in" > > > >usernUser-Password == "pwusrn" > > Filter-Id="some_acl0.in" > > > >May I use the DEFAULT? > > > >Thanks in advance, > > > >Sergio > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsubscribe
Unsubscribe Hi All, I am sorry I did a mistake (I did copy and past from someone's email) last week. I would like to say thank you all of you, particularly to Alan DeKok. Cheers John Wan > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alan DeKok > Sent: Wednesday, 26 September 2007 10:27 AM > To: [EMAIL PROTECTED]; FreeRadius users mailing list > Subject: Re: Strange CHAP/PAP issue (Version 1.1.6)[sic!] > > Wojciech Ziniewicz wrote: > > Now , after deleting theese lines : > ... > > I've got the following : > > > > rlm_sql (sql): No matching entry in the database for > request from user [TEST] > > modcall[authorize]: module "sql" returns notfound for request 0 > > Then you did something else, or your configuration is NOT > what you said it was. > > > Then after changing the operator to ":=" I've got again : > > Which operator? The only entry you need is > Cleartext-Password := "TEST..." > > 1) That's what you said you had > 2) the operator is already ":=". > > > rlm_chap: Using clear text password "TEST987" for user > TEST authentication. > > rlm_chap: Password check failed > > See? Either the client is broken, OR the password you > entered on the client isn't the same as the one you put into the DB. > > > THe pppoe client's are mainly windows XP , windows Vista, > linux, 3com, > > cisco and netgear routers as well as the pppoe-server is residing > > locally on the same machine as freeradius (that stores > everything in > > mysql on the other machine but that's not a clue) - none of > them can > > authenticate so i cant'believe it's th broken ppp client . > > No... the RADIUS client is broken. i.e. Maybe the PPPoE server. > > There have been a LOT of problems on this list which have > been tracked down to broken PPPoE servers. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsubscribe
thanks for all the help guys, Im no longer using freeradius at work. Big thanks to every1 (excluding Alan Dekok...) unsubscribe John Wan Please consider the environment before printing this email > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Jacob Jarick > Sent: Friday, 21 September 2007 1:27 PM > To: FreeRadius users mailing list > Subject: unsubscribe > > thanks for all the help guys, Im no longer using freeradius at work. > Big thanks to every1 (excluding Alan Dekok, sorry we had our diff). > > Take it easy. > > unsubscribe > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius Authentication to Actice Directory
Hi Sanni,
Do you use Chillispots for the login screen or use other method.
Thanks for your information.
Regards
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of sanni
Sent: Friday, 23 February 2007 1:47 AM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius Authentication to Actice Directory
I configured a freeradius server which should authenticate users on a
Windows
2003 Active Directory server.
Here are my configs:
http://sanni.org/stuff/radius/clients.conf
http://sanni.org/stuff/radius/eap.conf
http://sanni.org/stuff/radius/radiusd.conf
http://sanni.org/stuff/radius/users
The Clients are Windows XP SP2 with WPA2 Patch.
If i try to authenticate with a Dell Laptop and its integratet wlan card
it works fine (log: http://sanni.org/stuff/radius/works.txt).
But if i try to logon on with a PC, which has a USB wlan card
(http://www.avm.de/de/Produkte/FRITZBox/FRITZ_WLAN_USB_Stick/index.html)
i get "Exec-Program output: Logon failure (0xc06d)". Settings are
the same. And the USB stick works in the Laptop also.
I seems that the freeradius works correct with laptops, but why doesn't
it work with normal PCs.
Here is the full debug, of a try with a normal PC:
[EMAIL PROTECTED]:/var/log/radius# radiusd -X Starting - reading
configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = ""
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /lib
Module: Loaded PAP
pap: encryption_scheme = "md5"
pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/lmtsu001.pem"
tls: certificate_file = "/etc/raddb/certs/lmtsu001.pem"
tls: CA_file = "/etc/raddb/certs/LiebherrRootCA.pem"
tls: private_key_password = "secret"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
RE: a freeradious/wireless solution for a school
Hi Michael, I have setup the "chillispot"+"freeRadius"+"Win2k3AD" for my wireless network. Everything is working but the AD authentication. Apparently the reason not working is because AD does not like the CHAP authentication and AD likes MS-CHAP. I do not know how to configure and where to configure my Linux box to use MS-CHAP instead of CHAP. Have you done this before? If you do would you please teach me how to rectify this problem. Please see the following output from "$ Radius -X" when a wireless client uses "administrator" logon into the chillispot web logon page: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 User-Name = "administrator" CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.5 Calling-Station-Id = "00-16-6F-79-91-F4" Called-Station-Id = "00-05-5D-9E-0F-94" NAS-Identifier = "nas01" Acct-Session-Id = "45aec9a9" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x97668bae73249b0dd4755ab03d364f34 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 153 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "administrator" with CHAP password rlm_chap: Could not find clear text password for user administrator modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 Sending Access-Reject of id 0 to 127.0.0.1:32772 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 45aecedc Nothing to do. Sleeping until we see a request. Many thanks in advance. John Wan > -Original Message- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > s.org] On Behalf Of gkalinec > Sent: Friday, 26 January 2007 2:06 AM > To: freeradius-users@lists.freeradius.org > Subject: RE: a freeradious/wireless solution for a school > > > The database is not a problem, since we have a huge one in > place, one stored in Active Directory (for which I can use > the freeradius LDAP module) or MySQL one. The database is > really our main strength, since we have tons of information > about every student, staff and parent in (its what my main > job responsibility entails). A quick question, however, > would this be just as eay to set up on a Macintosh? (since > many of my supplicants will be macs..) > > German Kalinec > > > King, Michael wrote: > > > > Without being too subtle, You've mis-understood much of the > research > > you've read. Don't worry about it, there is quite a bit of > > contradictory information out there. > > > > There's quite a bit of background information, so it'll be a little > > bit before I mention FreeRADIUS. > > > > First. It's WPA, not WAP. (Different fields of technology) > > > > Forget much of what you've read. > > > > First, This is what you have been doing. > > > > Its called MAC filtering. The AP will only talk to MAC's > that it has > > in it's table. > > In short, this is useless, since if I wanted to get on, I&#
RE: help
Hi Alan, Thanks for your help again. Does the NAS documentation mean the documentation of my wireless access point? Thanks Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, 22 January 2007 5:57 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > > I have followed all the instructions from http://deployingradius.com. > I do not know why I have had the CHAP authentication. See the NAS documentation. > I would like to use MS-CHAP authentication instead of CHAP, and do you > have any tipps for me for this kind of setup (MS-CHAP)? See the NAS documentation. The choice of CHAP or MS-CHAP is not under control of the RADIUS server. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help
Hi Alan, Many thanks for your help. I have followed all the instructions from http://deployingradius.com. I do not know why I have had the CHAP authentication. I would like to use MS-CHAP authentication instead of CHAP, and do you have any tipps for me for this kind of setup (MS-CHAP)? Any hint would be great - thank you! Many thanks again. Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, 18 January 2007 6:16 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > Hi Alan, > > Now everything works but the Active Directory authentication,Please > see the following output from "$ Radiusd -X" when a wireless client > uses "administrator" logon into the chillispot web logon page: > > > Ready to process requests. > rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, > length=223 > User-Name = "administrator" > CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f > CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2 See my web page. You CANNOT do CHAP authentication to AD. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help
Hi Alan, Now everything works but the Active Directory authentication,Please see the following output from "$ Radiusd -X" when a wireless client uses "administrator" logon into the chillispot web logon page: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 User-Name = "administrator" CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.5 Calling-Station-Id = "00-16-6F-79-91-F4" Called-Station-Id = "00-05-5D-9E-0F-94" NAS-Identifier = "nas01" Acct-Session-Id = "45aec9a9" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x97668bae73249b0dd4755ab03d364f34 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 153 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "administrator" with CHAP password rlm_chap: Could not find clear text password for user administrator modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 Sending Access-Reject of id 0 to 127.0.0.1:32772 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 45aecedc Nothing to do. Sleeping until we see a request. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Wan Sent: Friday, 5 January 2007 11:26 AM To: FreeRadius users mailing list Subject: RE: help Hi Alan, Many thanks for your help. Now the kerberos service and the Samba service are running now, I have followed your instructions on your webpage, but I still have experenced the similar issue, please see the folloewing: [EMAIL PROTECTED] ~]# net join -U Administrator Administrator's password: [2007/01/05 10:10:15, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [2007/01/05 10:10:15, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Joined domain MBUS. [EMAIL PROTECTED] ~]# wbinfo -a administrator%password plaintext password authentication failed Could not authenticate user administrator%password with plaintext password could not obtain winbind separator! could not obtain winbind domain name! challenge/response password authentication failed Could not authenticate user administrator with challenge/response Would you please give me some hints so I could try it again. All I need is to allow the freeradius server and Chillispot to hand over the authentication (for wireless client) to the Win2k3 Active Directory. To be able to achive that, I have to make sure the above two steps are working (at moment they are not working). Many thanks again in advance. Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, 14 December 2006 12:20 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > Would you please give me some hints how to start the Kerberos server > and how to solve the issue of > "ads_connect: Invalid credentials". Unfortunately, I'm not a kerberos or Samba expert. I know just enough to follow the script. If it doesn't work, I suggest asking on the Samba / kerberos lists. i.e. the
RE: help
Hi Alan, Many thanks for your help. Now the kerberos service and the Samba service are running now, I have followed your instructions on your webpage, but I still have experenced the similar issue, please see the folloewing: [EMAIL PROTECTED] ~]# net join -U Administrator Administrator's password: [2007/01/05 10:10:15, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [2007/01/05 10:10:15, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Joined domain MBUS. [EMAIL PROTECTED] ~]# wbinfo -a administrator%password plaintext password authentication failed Could not authenticate user administrator%password with plaintext password could not obtain winbind separator! could not obtain winbind domain name! challenge/response password authentication failed Could not authenticate user administrator with challenge/response Would you please give me some hints so I could try it again. All I need is to allow the freeradius server and Chillispot to hand over the authentication (for wireless client) to the Win2k3 Active Directory. To be able to achive that, I have to make sure the above two steps are working (at moment they are not working). Many thanks again in advance. Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, 14 December 2006 12:20 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > Would you please give me some hints how to start the Kerberos server > and how to solve the issue of > "ads_connect: Invalid credentials". Unfortunately, I'm not a kerberos or Samba expert. I know just enough to follow the script. If it doesn't work, I suggest asking on the Samba / kerberos lists. i.e. the people who wrote the software are the ones most likely to be able to help you. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help
Hi Alan, Many thanks for the informatiom. I have experenced the following issues after following your instructures on your webpage: 1.) [EMAIL PROTECTED] ~]# net join -U Administrator Administrator's password: [2006/12/12 12:39:38, 0] utils/net_ads.c:ads_startup(186) ads_connect: Invalid credentials Joined domain MBUS. 2.) [EMAIL PROTECTED] ~]# wbinfo -a administrator%test plaintext password authentication failed Could not authenticate user administrator%test with plaintext password could not obtain winbind separator! could not obtain winbind domain name! challenge/response password authentication failed Could not authenticate user administrator with challenge/response 3.) Kerberos server has been installed but I could not start it. Would you please give me some hints how to start the Kerberos server and how to solve the issue of "ads_connect: Invalid credentials". Many thanks agin and much appreciated. Regards John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, 8 December 2006 1:21 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > But I would like to use the Windows 2k3 AD to authenticate the > username and password instead of using the user name and password from > the file "/etc/raddb/users" or in mysql. See the Wiki & my web site for instructions on using Active Directory. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ___ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
