The ntlm_auth command works from the command line, but not within freeradius (1.0.1) on RHEL 3.0 update 4.

Below is my ntlm_auth command from within radiusd.conf and the debug output and the successful command line run of the ntlm_auth program.

Where do I look for what I have misconfigured? I'm happy that I configured the client section correctly and my 3005 is now talking to freeradius, but I'll be happier when it can actually authorize.

ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
}
Thread pool initialized
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
User-Name = ken george
User-Password = 262144
Vendor-3076-Attr-32 = 0x0015
NAS-IP-Address = 10.10.61.5
NAS-Port-Type = Virtual
rad_lowerpair: User-Name now 'ken george'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
modcall[authorize]: module chap returns noop for request 1
modcall[authorize]: module mschap returns noop for request 1
rlm_realm: No '@' in User-Name = ken george, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 1
rlm_realm: No '\' in User-Name = ken george, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module ntdomain returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 1
users: Matched DEFAULT at 204
modcall[authorize]: module files returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type win_domain
auth: type win_domain
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 1
radius_xlat: '/usr/bin/ntlm_auth --username=ken george --password=xx --domain=usmisgnet'
Exec-Program: /usr/bin/ntlm_auth --username=ken george --password= xx --domain=usmisgnet
Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc064)
Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc064)
Exec-Program: returned: 1
rlm_exec (win_domain): External script failed
modcall[authenticate]: module win_domain returns fail for request 1
modcall: group Auth-Type returns fail for request 1
auth: Failed to validate the user.
Login incorrect: [ken george] (from client VPN3005_Pri port 0)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 10.10.61.5:1045, id=2, length=74
Sending Access-Reject of id 2 to 10.10.61.5:1045
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 2 with timestamp 42dd17f4
Nothing to do. Sleeping until we see a request.

[EMAIL PROTECTED] raddb]# /usr/bin/ntlm_auth --username=ken george --password= xx --domain=usmisgnet
NT_STATUS_OK: Success (0x0)
Thanks!
Ken George
Systems and Network Engineering
Mi Services Group, Inc.
+1 610-230-2500 x129
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html