FR 1.1.7 + AD 2003 + LDAP



Hello everyone,

We have set up FreeRadius w/ Active Directory using LDAP and ntlm as per the wiki, and everything is working great save one item of concern.

When our users are needing to reset their password or have reset their password, ntlm fails.

I'm pretty certain that this is not a freeradius issue and I'm sorry to post here; however, this would be the largest base of users who may have experienced this issue.

We can correct the issue if we remove the registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters; however, this removes the 802.1x configuration for the machine.


rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Raduser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0


rlm_mschap: Told to do MS-CHAPv2 for Raduser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat:  '--username=Raduser'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
 mschap2: 88
radius_xlat:  '--challenge=5fb05b4d0e49743a'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat:  '--nt-response=abc64919a43a42c675c516ce59001bb4a3ef65d68f8de407'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 48
modcall: leaving group MS-CHAP (returns reject) for request 48
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 48
modcall: leaving group authenticate (returns reject) for request 48
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [Raduser/<no User-Password attribute>] (from client localhost port 0)



freeradius-1.1.7-3.1
samba-3.0.28-0
samba-client-3.0.28-0
samba-common-3.0.28-0



Any help is much appreciated; we are currently running about 1500 users with this setup and everything is great save the password issue.

Thanks

