Networking

  • Freeradius How to integrate Active Directory


    Hi list,
    A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
    There are at least 2 ways to integrate AD: LDAP and NTLM.
    I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
    You can download it from here:
    Good luck!
    Regards,
    Charles Schwartz
    -
    List info/subscribe/unsubscribe? See
  • No.1 | | 858 bytes | |

    Tue, 22 Nov 2005, charles schwartz wrote:

    >A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
    >
    >There are at least 2 ways to integrate AD: LDAP and NTLM.
    >I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
    >
    >You can download it from here:

    This is a god-send.

    I have one Debian-specific error:

    rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory
    radiusd.conf[9]: eap: Module instantiation failed.

    It seems that the shared object is not shipped when I did
    apt-get install freeradius
  • No.2 | | 933 bytes | |

    Hi Charles,
    Thank you for that howto.
    A typo, that you might want to correct:
    page 9 it should be -instead of -nt-request-key and
    instead of -username.

    Norbert Wegener

    charles schwartz wrote:

    >Hi list,
    >
    >A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
    >
    >There are at least 2 ways to integrate AD: LDAP and NTLM.
    >I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.


    >You can download it from here:
    >
    >
    >Good luck!
    >
    >Regards,
    >Charles Schwartz
  • No.3 | | 2377 bytes | |

    Tue, 22 Nov 2005, charles schwartz wrote:

    >Hi list,
    >
    >A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
    >
    >There are at least 2 ways to integrate AD: LDAP and NTLM.
    >I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
    >
    >You can download it from here:

    Thanks for this. I changed to use /dev/random as per your tutorial, but
    radiusd hangs. When I change the random_file back to the original, it
    works:

    random_file = ${raddbdir}/certs/random

    In my tls section of eap.conf I have

    tls {
        private_key_password = whatever
        private_key_file = ${raddbdir}/certs/cert-srv.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/random
    }

    But when I run radiusd -X it just hangs there after getting to the
    following.

    rlm_eap: Loaded and initialized type gtc
    tls: rsa_key_exchange = no
    tls: dh_key_exchange = yes
    tls: rsa_key_length = 512
    tls: dh_key_length = 512
    tls: verify_depth = 0
    tls: CA_path = "(null)"
    tls: pem_file_type = yes
    tls: private_key_file = "/"
    tls: certificate_file = "/"
    tls: CA_file = "/"
    tls: private_key_password = "whatever"
    tls: dh_file = "/etc/freeradius/certs/dh"
    tls: random_file = "/dev/random"
    tls: fragment_size = 1024
    tls: include_length = yes
    tls: check_crl = no
    tls: check_cert_cn = "(null)"

    And strace shows:

    13519 open("/", O_RDONLY|O_LARGEFILE) = 6
    13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=1350, }) = 0
    13519 open("/", O_RDONLY|O_LARGEFILE) = 6
    13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, }) = 0
    13519 open("/", O_RDONLY|O_LARGEFILE) = 6
    13519 fstat64(6, {st_mode=S_IFREG|0644, st_size=2429, }) = 0
    13519 stat64("/dev/random", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 8), }) = 0
    13519 open("/dev/random", O_RDONLY) = 6

    [root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/random
    crw-rw-rw- 1 root root 1, 8 Nov 2 12:02 /dev/random
    [root@smtcorms02 /usr/lib/ssl ]# ls -la /dev/urandom
    cr 1 root root 1, 9 Nov 2 12:02 /dev/urandom
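
Added example, not part of the thread: on Linux kernels of that period a read from /dev/random blocks while the entropy pool is low, which fits the strace in post No.3 stopping right after the open of /dev/random. The Python check below lints the tls section for a random_file that resolves to the blocking device; the function names are hypothetical, and raddbdir is assumed to be /etc/freeradius, as the dh_file path in the debug output suggests.

```python
import os
import re
import stat

# Device numbers shown by `ls -la` in the post: 1,8 /dev/random, 1,9 /dev/urandom.
KNOWN_DEVS = {(1, 8): "blocking", (1, 9): "non-blocking"}
# Constructed sample: the tls section quoted in the post.
SAMPLE_EAP_CONF = """\
tls {
    private_key_password = whatever
    private_key_file = ${raddbdir}/certs/cert-srv.pem
    CA_file = ${raddbdir}/certs/demoCA/cacert.pem
    dh_file = ${raddbdir}/certs/dh
    random_file = /dev/random
}
"""

def parse_section(text, name):
    """Read the first flat `name { ... }` block line by line; the '}' of ${var} is no block end."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.fullmatch(re.escape(name) + r"\s*\{", line) is not None
        elif line == "}":
            break
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def classify_random_file(path, stat_fn=os.stat):
    """Classify by device number, so a symlink or renamed node is still caught."""
    try:
        st = stat_fn(path)
    except OSError:
        return "missing"
    if not stat.S_ISCHR(st.st_mode):
        return "seed-file"
    dev = (os.major(st.st_rdev), os.minor(st.st_rdev))
    return KNOWN_DEVS.get(dev, "other-device")

def audit_random_file(conf_text, variables, stat_fn=os.stat):  # -> (verdict, path)
    raw = parse_section(conf_text, "tls").get("random_file")
    if raw is None:
        return ("unset", None)
    path = re.sub(r"\$\{(\w+)\}", lambda m: variables.get(m.group(1), m.group(0)), raw)
    return (classify_random_file(path, stat_fn), path)

print(audit_random_file(SAMPLE_EAP_CONF, {"raddbdir": "/etc/freeradius"}))  # raddbdir: assumption
```

A "blocking" verdict points to /dev/urandom or to the seed file the poster reverted to, ${raddbdir}/certs/random.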
  • No.4 | | 257 bytes | |

    Tue, 2005-11-22 at 14:10 -0500, Robin Mordasiewicz wrote:
    >it seems that the shared object is not shipped when I did
    >apt-get install freeradius
    Grab the latest CVS, install build-deps and use dpkg-buildpackage.
    It should work out-of-the-box.
  • No.5 | | 942 bytes | |

    Tue, 22 Nov 2005, charles schwartz wrote:

    >Hi list,
    >
    >A lot of people on this list would like to integrate Active Directory with FreeRADIUS in order to provide a transparent user authentication login process.
    >
    >There are at least 2 ways to integrate AD: LDAP and NTLM.
    >I've written a tutorial about how to do this with NTLM (winbind, ntlm_auth). The Windows supplicants are configured to work with PEAP and MSCHAPv2.
    >
    >You can download it from here:

    I think everything is very close, but all I have to test with is
    NTRadPing.

    Would it be possible if someone can comment on the fields that I need to
    fill in for NTRadPing in order to test my AD account properly. I have
    already gotten NTRadPing to work against a hard coded user, as well as a
    unix account, but I have no idea which options I need to set to test the
    AD account.