FR 1.1.7 + AD 2003 + LDAP

Ivan Kalik tnt at kalik.net
Tue Apr 8 02:45:19 CEST 2008


Wrong key:

http://support.microsoft.com/kb/823731

Ivan Kalik
Kalik Informatika ISP


On 8/4/2008, "Charlie B" <cbwonderboy at gmail.com> wrote:

>Hello everyone,
>
>We have set up FreeRadius w/ Active Directory using LDAP and ntlm as per the
>wiki and everything is working great save one item of concern.
>
>When our users are needing to reset their password or have reset their
>password, ntlm fails.
>
>I'm pretty certain that this is not a freeradius issue and I'm sorry to post
>here; however, this would be the largest base for users who may have
>experienced this issue.
>
>We can correct the issue if we remove the registry key located at
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters; however, this removes
>the 802.1x configuration for the machine.
>
>
>rlm_ldap: looking for check items in directory...
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user Raduser authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>
>
>rlm_mschap: Told to do MS-CHAPv2 for Raduser with NT-Password
>radius_xlat: Running registered xlat function of module mschap for string
>'User-Name'
>radius_xlat:  '--username=Raduser'
>radius_xlat: Running registered xlat function of module mschap for string
>'Challenge'
> mschap2: 88
>radius_xlat:  '--challenge=5fb05b4d0e49743a'
>radius_xlat: Running registered xlat function of module mschap for string
>'NT-Response'
>radius_xlat:
>'--nt-response=abc64919a43a42c675c516ce59001bb4a3ef65d68f8de407'
>Exec-Program output: Logon failure (0xc000006d)
>Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
>Exec-Program: returned: 1
>  rlm_mschap: External script failed.
>  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>  modcall[authenticate]: module "mschap" returns reject for request 48
>modcall: leaving group MS-CHAP (returns reject) for request 48
>  rlm_eap: Freeing handler
>  modcall[authenticate]: module "eap" returns reject for request 48
>modcall: leaving group authenticate (returns reject) for request 48
>auth: Failed to validate the user.
>Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [Raduser/<no
>User-Password attribute>] (from client localhost port 0)
>
>
>
>freeradius-1.1.7-3.1
>samba-3.0.28-0
>samba-client-3.0.28-0
>samba-common-3.0.28-0
>
>
>
>Any help much appreciated, we are currently running about 1500 users with this
>setup and everything is great save the password issue.
>
>Thanks
>
>




More information about the Freeradius-Users mailing list