Difference between revisions of "FreeRADIUS WPA2-Enterprise Windows Active Directory"

From Michael's Information Zone
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
<ref>https://blog.practichem.com/configuring-freeradius-for-wpa2-enterprise-with-active-directory-integration-on-ubuntu-1404/</ref>
+
<ref>https://blog.practichem.com/configuring-freeradius-for-wpa2-enterprise-with-active-directory-integration-on-ubuntu-1404/</ref><ref>http://deployingradius.com/documents/configuration/active_directory.html</ref><ref>http://wiki.freeradius.org/protocol/EAP#eap-sub-types_peap</ref>
 
  [root@radius02 ~]# yum install samba-winbind-clients samba
 
  [root@radius02 ~]# yum install samba-winbind-clients samba
 
  [root@radius02 ~]# mv /etc/samba/smb.conf  /etc/samba/smb.conf.bak
 
  [root@radius02 ~]# mv /etc/samba/smb.conf  /etc/samba/smb.conf.bak
Line 17: Line 17:
 
  your.domain.net = {
 
  your.domain.net = {
 
   
 
   
  >kdc = **your.domain.net**
+
  kdc = **your.domain.net**
 
   
 
   
  >}
+
  }
 +
[root@radius02 ~]# systemctl start smb
 +
[root@radius02 ~]# net join -u Administrator
 
  [root@radius02 ~]# systemctl start winbind
 
  [root@radius02 ~]# systemctl start winbind
 
  [root@radius02 ~]# ntlm_auth --request-nt-key --domain=domain --username=user --password=password
 
  [root@radius02 ~]# ntlm_auth --request-nt-key --domain=domain --username=user --password=password
Line 27: Line 29:
 
         wait = yes
 
         wait = yes
 
         program = "/usr/bin/ntlm_auth --request-nt-key --domain=your --username=%{mschap:User-Name} --password=%{User-Password}"
 
         program = "/usr/bin/ntlm_auth --request-nt-key --domain=your --username=%{mschap:User-Name} --password=%{User-Password}"
}
+
}
 +
[root@radius02 ~]# nano /etc/raddb/mods-available/mschap

Latest revision as of 14:40, 18 October 2016

[1][2][3] 

[root@radius02 ~]# yum install samba-winbind-clients samba
[root@radius02 ~]# mv /etc/samba/smb.conf  /etc/samba/smb.conf.bak
[root@radius02 ~]# nano /etc/samba/smb.conf
[global]
workgroup = your
security = ads
password server = your.domain.net
realm = your.domain.net
[root@radius02 ~]# nano /etc/krb5.conf
[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

your.domain.net = {

kdc = **your.domain.net**

}
[root@radius02 ~]# systemctl start smb
[root@radius02 ~]# net join -u Administrator
[root@radius02 ~]# systemctl start winbind
[root@radius02 ~]# ntlm_auth --request-nt-key --domain=domain --username=user --password=password
NT_STATUS_OK: Success (0x0)
[root@radius02 ~]# nano /etc/raddb/mods-available/ntlm_auth
exec ntlm_auth {
       wait = yes
       program = "/usr/bin/ntlm_auth --request-nt-key --domain=your --username=%{mschap:User-Name} --password=%{User-Password}"
}

[root@radius02 ~]# nano /etc/raddb/mods-available/mschap

  1. https://blog.practichem.com/configuring-freeradius-for-wpa2-enterprise-with-active-directory-integration-on-ubuntu-1404/
  2. http://deployingradius.com/documents/configuration/active_directory.html
  3. http://wiki.freeradius.org/protocol/EAP#eap-sub-types_peap
Retrieved from "https://wiki.1701technology.com/index.php?title=FreeRADIUS_WPA2-Enterprise_Windows_Active_Directory&oldid=237"