Config problem: ntlm_auth works outside of freeradius, but not in

Ken George Ken.George at mi-services.com
Tue Jul 19 18:27:15 CEST 2005


The ntlm_auth command works from the command line, but not within
freeradius (1.0.1) on RHEL 3.0 update 4.

Below is my ntlm_auth command from within radiusd.conf and the debug
output and the successful command line run of the ntlm_auth program.

Where do I look for what I have misconfigured?  I'm happy that I
configured the client section correctly and my 3005 is now talking to
freeradius, but I'll be happier when it can actually authorize.

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"

        }

Thread pool initialized
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
        User-Name = "ken george"
        User-Password = "262144"
        Vendor-3076-Attr-32 = 0x00000015
        NAS-IP-Address = 10.10.61.5
        NAS-Port-Type = Virtual
rad_lowerpair:  User-Name now 'ken george'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "ken george", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    rlm_realm: No '\' in User-Name = "ken george", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched DEFAULT at 204
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type win_domain
auth: type "win_domain"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 1
radius_xlat:  '/usr/bin/ntlm_auth --username="ken george"
--password="xxxxxx" --domain=usmisgnet'
Exec-Program: /usr/bin/ntlm_auth --username="ken george" --password="
xxxxxx " --domain=usmisgnet
Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user
(0xc0000064)
Exec-Program: returned: 1
rlm_exec (win_domain): External script failed
  modcall[authenticate]: module "win_domain" returns fail for request 1
modcall: group Auth-Type returns fail for request 1
auth: Failed to validate the user.
Login incorrect: [ken george] (from client VPN3005_Pri port 0)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 10.10.61.5:1045, id=2,
length=74
Sending Access-Reject of id 2 to 10.10.61.5:1045
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 2 with timestamp 42dd17f4
Nothing to do.  Sleeping until we see a request.

[root at phllnxsrv01 raddb]# /usr/bin/ntlm_auth --username="ken george"
--password=" xxxxxx " --domain=usmisgnet

NT_STATUS_OK: Success (0x0)

Thanks!

Ken George
Systems and Network Engineering
Mi Services Group, Inc.
+1 610-230-2500 x129
