A year ago I tried to set up 802.1x on our network using PEAP/MSChapV2 without
any luck, but wanted to try again so here I am. I followed the document
titled, "FreeRADIUS Active Directory Integration HOWTO" on the FreeRadius Wiki
site and I am still not able to authenicate against AD. I hope s
Title: ntlm_auth not working
Hello all,
I seem to have a problem getting freeradius to authenticate users from Active Directory. I have installed and configured Samba and have added the server to the NT domain. I can use: "net ads info", "wbinfo -g", "wbinfo -u" successfully. I have mod
et up LDAP authentication against AD as
that will work in this case. Using ntlm_auth in that case is really
overkill.
--Mike
Graham, Robert wrote:
> Hello all,
>
> I seem to have a problem getting freeradius to authenticate users from
> Active Directory. I have installed and
What is the best way to authenticate users against Active Directory via
Freeradius? Is it with ntlm_auth or LDAP? My scenario is to authenicate our
VPN users (using Cisco VPN clients and VPN concentrators) to authenticate
against AD via radius. Somebody mentioned that if MSCHAP is not used du
Title: Problem with LDAP group searches
I'm trying to get Freeradius configured to authenicate our vpn users from a Cisco 3005 concentrator against Active Directory using the ldap module. When I authenicated a vpn user on a per user basis - it works fine. However, I want authenicate not onl
Dustin,
Thanks for the response. I was kind of wondering if the location of the group in Active Directory was an issue. But that brings up another question. Doesn't a ldapsearch use the basedn as a starting point? If instance, I have the basedn set as follows in radiusd.conf:
basedn =
Title: Re: Problem with LDAP group searches
>> I'm trying to get Freeradius configured to authenicate our vpn users
>> from a Cisco 3005 concentrator against Active Directory using the ldap
>> module. When I authenicated a vpn user on a per user basis - it works
>> fine. However, I want
Title: EAP problem
Hello list,
I have freeradius configured to authenicate users against active directory with ms-chap and can also do ldap group searches, all that is working great. Now what I need to do is implement 802.1x port authenication on our foundry switches and I'm running into p
Title: FW: Re: EAP problem
Alan, Thanks for the response.
> Do you mean EAP-MD5? I'm not sure what MD5-Challenge is...
Yes - EAP-MD5, The windows side (supplicant) is set to MD5-Challenge
>> I did get EAP to work when I supply the User-Password attribute in the users file, but I would
Title: Re: EAP problem
I am still having an issue autheniticating a user with EAP. I think Alan, has pointed out the issue in his previous reply, about LDAP not retrieving the User-Password from Active Directory. My understanding (as little as it may be) of the ldap section of the radiusd.c
Title: Re: EAP problem
I'm I correct to state that the "password_attribute = userPassword" in the ldap section causes ldap to retrieve the user's password out Active Directory? and if so, what I am doing wrong. The only thing that I can thing of is the mapping in the ldap.attrmap file which
Title: Re: EAP problem
> No. Messages in the past few days have said you can't get passwords
>from AD. It's impossible.
> You have to use ntlm_auth. See radiusd.conf
> Alan DeKok.
This still doesn't make any since. I have ntlm_auth enable, and it is working fine autheniticating our
Title: Re: EAP problem
>You _cannot_ read the unicodePwd attribute (where the actual passwd
>lies) from AD. It can only be written to, and then only under certain
>conditions (SSL/TLS connection, and if not written by an admin, then a
>delete/add must be performed in the same operation).
>T
Title: Problem with PEAP and MS-CHAPv2 and AD
I am having a strange problem, and was hoping for some expertise in this matter and I need to get this working very quickly since I am running out of time. I have freeradius configured to authenticate our users for a wired 802.1x environment. Au
Title: Problem with PEAP and MS-CHAPv2 and AD
I am having a strange problem, and was hoping for some expertise in this matter and I need to get this working very quickly since I am running out of time. I have freeradius configured to authenticate our users for a wired 802.1x environment. Au
Hello all,
I have FreeRadius v 2.1.10 installed and configured to authenticate
users against Active Directory using PEAP/MSChapV2 and perform Group
membership lookups via the ldap module so that I can configure radius
reply attributes to provide VLAN assignment and Dymanic ACL's. All is
working e
16 matches
Mail list logo
