FR 1.1.7 + AD 2003 + LDAP

Charlie B cbwonderboy at gmail.com
Tue Apr 8 02:49:24 CEST 2008


Thanks Ivan,

We thought there should be a key in the current logged-on user as well, but all
of our domain users don't have an entry in the registry, even though we have
it checked to cache the credentials.  The only way we can produce this key is
to have WinXP use the "prompt for credentials" balloon.

2008/4/7 Ivan Kalik <tnt at kalik.net>:

> Wrong key:
>
> http://support.microsoft.com/kb/823731
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 8/4/2008, "Charlie B" <cbwonderboy at gmail.com> wrote:
>
> >Hello everyone,
> >
> >We have set up FreeRadius w/ Active Directory using LDAP and ntlm as per the
> >wiki and everything is working great save one item of concern.
> >
> >When our users are needing to reset their password or have reset their
> >password, ntlm fails.
> >
> >I'm pretty certain that this is not a freeradius issue and I'm sorry to post
> >here; however, this would be the largest base of users who may have
> >experienced this issue.
> >
> >We can correct the issue if we remove the registry key located at
> >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters; however, this removes
> >the 802.1x configuration for the machine.
> >
> >
> >rlm_ldap: looking for check items in directory...
> >rlm_ldap: looking for reply items in directory...
> >rlm_ldap: user Raduser authorized to use remote access
> >rlm_ldap: ldap_release_conn: Release Id: 0
> >
> >
> >rlm_mschap: Told to do MS-CHAPv2 for Raduser with NT-Password
> >radius_xlat: Running registered xlat function of module mschap for string
> >'User-Name'
> >radius_xlat:  '--username=Raduser'
> >radius_xlat: Running registered xlat function of module mschap for string
> >'Challenge'
> > mschap2: 88
> >radius_xlat:  '--challenge=5fb05b4d0e49743a'
> >radius_xlat: Running registered xlat function of module mschap for string
> >'NT-Response'
> >radius_xlat:
> >'--nt-response=abc64919a43a42c675c516ce59001bb4a3ef65d68f8de407'
> >Exec-Program output: Logon failure (0xc000006d)
> >Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> >Exec-Program: returned: 1
> >  rlm_mschap: External script failed.
> >  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> >  modcall[authenticate]: module "mschap" returns reject for request 48
> >modcall: leaving group MS-CHAP (returns reject) for request 48
> >  rlm_eap: Freeing handler
> >  modcall[authenticate]: module "eap" returns reject for request 48
> >modcall: leaving group authenticate (returns reject) for request 48
> >auth: Failed to validate the user.
> >Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [Raduser/<no
> >User-Password attribute>] (from client localhost port 0)
> >
> >
> >
> >freeradius-1.1.7-3.1
> >samba-3.0.28-0
> >samba-client-3.0.28-0
> >samba-common-3.0.28-0
> >
> >
> >
> >Any help much appreciated; we are currently running about 1500 users with this
> >setup and everything is great save the password issue.
> >
> >Thanks
> >
> >
>
>
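
Added example, not part of the original thread and not FreeRADIUS code: a triage script for the failure reported above. It groups rlm_mschap "Login incorrect" lines by user and NTSTATUS code and lists users with repeated bad-password failures and no successful login in between. The `Auth:` prefix, the `Login OK` line format, the threshold of 3 and every sample line except Raduser's failure text are assumptions.

```python
import re
from collections import Counter

# Subset of Microsoft NTSTATUS values tied to password state.
NTSTATUS = {
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000224: "STATUS_PASSWORD_MUST_CHANGE",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
BAD_PASSWORD = {0xC000006A, 0xC000006D}

# Failure format as quoted in the thread; the "Login OK" format is an assumption.
FAIL_RE = re.compile(r"Login incorrect \(rlm_mschap: .*?\((0x[0-9a-fA-F]{8})\)\): \[([^/\]]+)")
OK_RE = re.compile(r"Login OK: \[([^/\]]+)")

def triage(lines, threshold=3):
    """Count failures per (user, status); list users with `threshold` or more
    bad-password failures in a row with no successful login in between."""
    counts, streak, suspects = Counter(), Counter(), set()
    for line in lines:
        ok = OK_RE.search(line)
        if ok:
            streak[ok.group(1)] = 0  # a good login ends the streak
            continue
        hit = FAIL_RE.search(line)
        if not hit:
            continue
        code, user = int(hit.group(1), 16), hit.group(2)
        counts[(user, NTSTATUS.get(code, hex(code)))] += 1
        if code in BAD_PASSWORD:
            streak[user] += 1
            if streak[user] >= threshold:
                suspects.add(user)
    return counts, sorted(suspects)

# Constructed sample lines; alice, bob and the lockout message are made up.
FAIL_FMT = "Auth: Login incorrect (rlm_mschap: %s (%s)): [%s/<no User-Password attribute>] (from client localhost port 0)"
OK_FMT = "Auth: Login OK: [%s] (from client localhost port 0)"
def bad(user, code="0xc000006d", msg="Logon failure"):
    return FAIL_FMT % (msg, code, user)
SAMPLE = [OK_FMT % "alice", bad("Raduser"), bad("Raduser"), bad("bob"), bad("Raduser"),
          OK_FMT % "bob", bad("Raduser", "0xc0000234", "Account locked out"), bad("bob")]

if __name__ == "__main__":
    counts, suspects = triage(SAMPLE)
    for (user, status), n in sorted(counts.items()):
        print(f"{user:8} {status:26} {n}")
    print("repeated bad-password failures:", suspects)
```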

