MS-CHAP2 Response is incorrect.
Garcia Herguedas, Unai
u.garcia at ibermatica.com
Wed Dec 2 17:25:59 CET 2009
Phil Mayers wrote:
>Garcia Herguedas, Unai wrote:
>> Hi,
>>
>> I´m having a problem deploying a FreeRadius server to authenticate
>> Wireless users with an Active Directory.
>>
>>
>>
>> If I execute in a shell the ntlm_auth with the same parameters as the
>> log pointed I get an NT Key, so don´t really know why it's not
>> working. I have tried varius solutions founded in internet without
>> success.
>
>Are you sure that the radius daemon user has permissions to run winbind?
>Check the permissions on /var/lib/samba/winbindd_privileged and also any
>SELinux policy, if you're running an SELinux-enabled distro.
I don't have an /var/lib/samba/winbindd_privileged.
I have /var/run/samba/winbindd_privileged which I assume is what you are referring.
The permissionas are as follow:
drwxr-x--- 2 root winbindd_priv 4096 2009-12-01 10:28 winbindd_privileged
And the user freerad is part of the winbindd_priv group:
winbindd_priv:x:105:freerad
Don't have SELinux or AppArmor.
>> BTW, The entire log is attached (edited user, challenge.....). If
>> needed I can send conf files.
>
>That's not helpful. Please run "radiusd -X" and send the output of a
>failing request. Please don't edit it unless you're certain the edits
>are for irrelevant security-critical data (the mschap challenge &
>response are not dangerous to disclose)
The log that I attached previously was obtained with freeradius -X -xx -l /var/log/freeradius/radius.log
More information about the Freeradius-Users
mailing list