MSChap via ntlm_auth problem
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Wed Aug 19 14:43:16 CEST 2009
Hi,
> I have another freeradius host (freeradius 2.1.3) with the same
> authentication scheme.
> I look at debug output on it:
>
> Found Auth-Type = MSCHAP
> +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Told to do MS-CHAPv2 for BAS with NT-Password
> [mschap] WARNING: Deprecated conditional expansion ":-". See "man
> unlang" for details
> [mschap] WARNING: Deprecated conditional expansion ":-". See "man
> unlang" for details
> [mschap] expand:
> --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=BAS
> [mschap] mschap2: bb
> [mschap] expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=205180e1818e1214
> [mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
> --nt-response=0a9b4e0053367b750904915b08aa65b792be3274e312aa78
> Exec-Program output: NT_KEY: A9B342EC3E218E54A330556C468415CD
> Exec-Program-Wait: plaintext: NT_KEY: A9B342EC3E218E54A330556C468415CD
> Exec-Program: returned: 0
> [mschap] adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
>
> ntlm_auth comands is the same on both hosts.
>
> The difference is "Exec-Program output:"
>
> Why?
your previous emails only listed the mschap module and radiusd.conf - but
not the sites-enabled/default or sites-enabled/inner-tunnel files.....
alan
More information about the Freeradius-Users
mailing list