MS 8021.x PEAP failing - new info...

Gary Gatten Ggatten at waddell.com
Fri Aug 21 00:48:10 CEST 2009


Check this out...  I entered the Domain Name manually and it worked!
So, now I have no freaking clue...  I thought it was something with the
"//" in the DomainName//UserName  - but doesn't look like it.

Here's some debug output.  I snipped all the stuff before this output -
from what I can tell it's exactly the same, but I guess I'll save it to
a file and diff it to make sure.  In the mean time:

** Here's manually using Domain Name in PEAP - working **

+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for ggatten with NT-Password
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[mschap] 	expand:
--username=%{Stripped-User-Name:-%{User-Name:-None}} ->
--username=WADDELL\ggatten
[mschap]  mschap2: c0
[mschap] 	expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=SANITIZED
[mschap] 	expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response= SANITIZED Exec-Program output: NT_KEY: SANITIZED
Exec-Program-Wait: plaintext: NT_KEY: SANITIZED Exec-Program: returned:
0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success


** Here's using Windows logon info automatically, NOT working **

+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for ggatten with NT-Password
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details
[mschap] 	expand:
--username=%{Stripped-User-Name:-%{User-Name:-None}} ->
--username=WADDELL\ggatten
[mschap]  mschap2: 73
[mschap] 	expand: --challenge=%{mschap:Challenge:-00} ->
--challenge= SANITIZED
[mschap] 	expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response= SANITIZED Exec-Program output: Logon failure (0xc000006d)

Exec-Program-Wait: plaintext: Logon failure (0xc000006d) 
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>





More information about the Freeradius-Users mailing list