RADIUS Questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I've been running FreeRadius 2 on Centos 5.5 for a while now. So far so good. I'm now looking to make connecting to our WPA secured wireless easier.

The RADIUS server is running in a VM and since the system is in use I have copied the original and used that copy to create a test environment. I have run through all system updates and have upgraded all relevant packages. The test system is at 5.6 now.

Currently with Windows machines I can't just connect to the SSID and enter in a username and password. I have to go and manually add the SSID, modify some settings; specifically turning off validating server certificate, turning off automatically use my Windows login, and turning on User or computer authentication mode.

We also have some OS X clients. Fortunately connecting via OS X is easier. The catch is that I have to join the machine to our domain. After that it's pretty much username and password, and they are on.

Ideally I would like to have a simple "connect to this SSID, enter your username and password and that's it" solution and still have all requests checked against our Active Directory server.

On a side note. I'm going through my settings trying to get this working more smoothly and I ran across:

wbinfo –a user%password (yes I'm adding in my username and pass)

plaintext password authentication succeeded
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.
Could not authenticate user MYUSERNAME with challenge/response

I know the 2 error lines are permissions related. I'm not sure what the permissions should be on this file/folder. Can someone let me know this?

The tutorial from FreeRadius says that I should get output similar to:

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error message was: No such user
Could not authenticate user CHSchwartz%mypassword with plaintext password

Yet

ntlm_auth --request-nt-key --domain=MYDOMAIN --username=MYUSERNAME
NT_STATUS_OK: Success (0x0)

So the Auth is working. I don't understand though why my AD server is letting cleartext passwords through. It shouldn't right?

Any help would be greatly appreciated.

Dan
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux