freeradius + ad

Alexsander alexsander.rodrigues at gmail.com
Fri Aug 17 21:33:32 CEST 2007


hi alan,
enabling log_goodpass and log_badpass I took this lines:

  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[REFAP\\dadfh9/<no User-Password attribute>] (from client localhost
port 0)

this means that ntlm_auth isn't receiving password parameter??


On 8/17/07, Alexsander <alexsander.rodrigues at gmail.com> wrote:
> hi alan,
> when I captured log I was using "radiusd -X -A -y -z > output.log"
>
> another thing:
> I capture some pieces of output log:
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Domain'
> radius_xlat:  '--domain=REFAP'
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat:  '--username=dadfh9'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
>  mschap2: c6
> radius_xlat:  '--challenge=8fd10da49268b4b6'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat:  '--nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1'
>
> and did another test:
>
>
> s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP
> --username=dadfh9 --challenge=8fd10da49268b4b6
> --nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1
> Logon failure (0xc000006d)                           <-----logon error again
> s8860ru01:/tmp#
> s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP
> --username=dadfh9
> password:
> [2007/08/17 14:47:06, 10] intl/lang_tdb.c:lang_tdb_init(138)
>   lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
> NT_STATUS_OK: Success (0x0)
> s8860ru01:/tmp#
>
>
> it's like wrong response or challenge ou some kind of hash.
> ps.: on output.log I saw this lines:
> mschap: with_ntdomain_hack = yes
> mschapv2: with_ntdomain_hack = no           <----- this must be yes or not?
> preprocess: with_ntdomain_hack = no
>
>
>
> On 8/17/07, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk> wrote:
> > hi,
> >
> > last time i checked i'm sure its printed in full debug mode :
> >
> >  radiusd -X
> >
> >
> > alan
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
>
> --
> Alexsander A. Rodrigues
>
> Se você tivesse que identificar, em uma palavra, a razão pela qual  a
> raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial,
> essa palavra seria "REUNIÕES".
> L.F.V.
>
> http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
>


-- 
Alexsander A. Rodrigues

Se você tivesse que identificar, em uma palavra, a razão pela qual  a
raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial,
essa palavra seria "REUNIÕES".
L.F.V.

http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267




More information about the Freeradius-Users mailing list