Happy New Year 2017 to everyone!!
We have FreeRADIUS v3 running on an Ubuntu server. The server is installed and configured with integration to Active Directory, running Server 2008. Our FreeRADIUS allows AD users on Mac, Ubuntu, and Windows desktops to log in to the WiFi (Cisco OS) using AD accounts. I need to configure our FreeRADIUS on all switches and routers so that login will be carried out via the AD account instead of a local user, in the same way that users connect today to the Cisco wireless. I went through a lot of guides and tutorials, and it just refuses to work. I enclose the findings I have gathered so far from FreeRADIUS:

* When running "wbinfo -u | grep user" I'm able to get the AD user.
* Running "ntlm_auth --request-nt-key --domain=MY.ACTUAL.DOMAIN --username=username" returns: Password: NT_STATUS_OK: Success (0x0)
* When adding the Cisco 2960 switch to the clients file with user and password in cleartext, I'm able to log in to the switch successfully.
* Running a radtest check against an AD user, i.e. "radtest AD_User passwd 127.0.0.1 1812 secretkey", returns "Expected Access-Accept got Access-Reject".
* When running FreeRADIUS in debug via freeradius -X and attempting to log in to the Cisco, the errors below are recorded to the log screen:
  - ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
  - mschap: ERROR: MS-CHAP2-Response is incorrect
  - MS-CHAP-Error = "\010E=691 R=1 C=06969570e488834b8cefb2ec3e748b81 V=3 M=Authentication failed"
  - ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
  - pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
  - pap: WARNING: Authentication will fail unless a "known good" password is available
At this point, I've really run out of ideas. What am I missing, in which configuration file, and what do I need to add or change to make it work?
I greatly appreciate any help here, guys.
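Added example (not part of the original post): a small Python helper that decodes the MS-CHAP-Error string quoted in the debug output, using the failure codes from RFC 2759, and counts the ERROR/WARNING lines per module. The function names and the handling of an optional "(N)" request-number prefix are assumptions of this example; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Failure codes defined for the E= field in RFC 2759, section 6.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS", 647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED", 649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE", 709: "ERROR_CHANGING_PASSWORD",
}
# The attribute starts with an ident byte, printed as an octal escape (\010).
LINE_RE = re.compile(r'MS-CHAP-Error = "(?:\\\d{3})?(.*)"')
FIELD_RE = re.compile(r"(?:^| )([ERCV])=(\S+)")
# Assumption: lines may carry a "(N) " request-number prefix.
MSG_RE = re.compile(r"^(?:\(\d+\)\s+)?(?:(\w+): )?(ERROR|WARNING): ")

def parse_mschap_error(line):
    """Decode 'E=.. R=.. C=.. V=.. M=..' from a debug line, or return None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    head, _, message = m.group(1).partition(" M=")
    f = dict(FIELD_RE.findall(head))
    if not f.get("E", "").isdigit():
        return None
    code = int(f["E"])
    return {"code": code, "name": MSCHAP_ERRORS.get(code, "unknown"),
            "retry_allowed": f.get("R") == "1", "challenge": f.get("C"),
            "pw_change_version": int(f["V"]) if f.get("V", "").isdigit() else None,
            "message": message}

def triage(lines):
    """Count ERROR/WARNING lines per module and decode any MS-CHAP-Error."""
    counts, decoded = Counter(), []
    for line in (raw.strip() for raw in lines):
        m = MSG_RE.match(line)
        if m:  # lines without a module prefix are attributed to "server"
            counts[(m.group(1) or "server", m.group(2))] += 1
        err = parse_mschap_error(line)
        if err:
            decoded.append(err)
    return counts, decoded

SAMPLE = [  # debug lines as quoted in the post
    'ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject',
    'mschap: ERROR: MS-CHAP2-Response is incorrect',
    r'MS-CHAP-Error = "\010E=691 R=1 C=06969570e488834b8cefb2ec3e748b81 V=3 M=Authentication failed"',
    'ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed',
    'pap: WARNING: No "known good" password found for the user. Not setting Auth-Type',
    'pap: WARNING: Authentication will fail unless a "known good" password is available',
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```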