Re: authenticating to an Windows AD
I should have mentioned it's FreeRadius 2.1.1. -Mike On Tue, 18 Nov 2008, Mike Diggins wrote: Folks, I have freeradius running on a fedora linux box. I want to use it for authentication from an Apache web server using the radius interface. That part is working, and I'm able to authenticate web users only if they have a local account on the freeradius server. I want freeradius to authenticate against a Windows Active Directory. I installed Samba and am running Winbind, and wbinfo/ntlm_auth both are able to authenticate from the command line assuming I give it a valid username and password. What module in freeradius do I use to authenticate through Winbind? Could someone point me in the right direction please. -Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticating to an Windows AD
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO worked for me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of Mike Diggins Sent: Tuesday, November 18, 2008 3:43 PM To: FreeRadius users mailing list Subject: Re: authenticating to an Windows AD I should have mentioned it's FreeRadius 2.1.1. -Mike On Tue, 18 Nov 2008, Mike Diggins wrote: Folks, I have freeradius running on a fedora linux box. I want to use it for authentication from an Apache web server using the radius interface. That part is working, and I'm able to authenticate web users only if they have a local account on the freeradius server. I want freeradius to authenticate against a Windows Active Directory. I installed Samba and am running Winbind, and wbinfo/ntlm_auth both are able to authenticate from the command line assuming I give it a valid username and password. What module in freeradius do I use to authenticate through Winbind? Could someone point me in the right direction please. -Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticating to an Windows AD
Updated manual: http://deployingradius.com/documents/configuration/active_directory.html Ivan Kalik Kalik Informatika ISP Dana 18/11/2008, Danner, Mearl [EMAIL PROTECTED] piše: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO worked for me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of Mike Diggins Sent: Tuesday, November 18, 2008 3:43 PM To: FreeRadius users mailing list Subject: Re: authenticating to an Windows AD I should have mentioned it's FreeRadius 2.1.1. -Mike On Tue, 18 Nov 2008, Mike Diggins wrote: Folks, I have freeradius running on a fedora linux box. I want to use it for authentication from an Apache web server using the radius interface. That part is working, and I'm able to authenticate web users only if they have a local account on the freeradius server. I want freeradius to authenticate against a Windows Active Directory. I installed Samba and am running Winbind, and wbinfo/ntlm_auth both are able to authenticate from the command line assuming I give it a valid username and password. What module in freeradius do I use to authenticate through Winbind? Could someone point me in the right direction please. -Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticating to an Windows AD
Thanks very much for the pointer. That looks like what I want, however, after following those instructions, when I run radiusd -X, I get this error: /usr/local/etc/raddb/users[50]: Parse error (check) for entry user: Unknown value ntlm_auth for attribute Auth-Type Errors reading /usr/local/etc/raddb/users /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module files /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module files. /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section. I added this to the top of the users file: userAuth-Type := ntlm_auth Any idea what is causing that? I think I followed the instructions correctly. -Mike On Tue, 18 Nov 2008, [EMAIL PROTECTED] wrote: Updated manual: http://deployingradius.com/documents/configuration/active_directory.html Ivan Kalik Kalik Informatika ISP Dana 18/11/2008, Danner, Mearl [EMAIL PROTECTED] piše: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO worked for me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of Mike Diggins Sent: Tuesday, November 18, 2008 3:43 PM To: FreeRadius users mailing list Subject: Re: authenticating to an Windows AD I should have mentioned it's FreeRadius 2.1.1. -Mike On Tue, 18 Nov 2008, Mike Diggins wrote: Folks, I have freeradius running on a fedora linux box. I want to use it for authentication from an Apache web server using the radius interface. That part is working, and I'm able to authenticate web users only if they have a local account on the freeradius server. I want freeradius to authenticate against a Windows Active Directory. I installed Samba and am running Winbind, and wbinfo/ntlm_auth both are able to authenticate from the command line assuming I give it a valid username and password. What module in freeradius do I use to authenticate through Winbind? Could someone point me in the right direction please. -Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticating to an Windows AD
Thanks very much for the pointer. That looks like what I want, however, after following those instructions, when I run radiusd -X, I get this error: /usr/local/etc/raddb/users[50]: Parse error (check) for entry user: Unknown value ntlm_auth for attribute Auth-Type Errors reading /usr/local/etc/raddb/users /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module files /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module files. /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section. I added this to the top of the users file: userAuth-Type := ntlm_auth Any idea what is causing that? I think I followed the instructions correctly. Just add ntlm_auth to authenticate section of inner-tunnel virtual server as well. You need to add it to all enabled servers, not just default. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
