MS-CHAP2 Response is incorrect.

Phil Mayers p.mayers at imperial.ac.uk
Wed Dec 2 17:41:18 CET 2009


Garcia Herguedas, Unai wrote:
> Phil Mayers wrote:
>> Garcia Herguedas, Unai wrote:
>>> Hi,
>>>
>>> I'm having a problem deploying a FreeRadius server to authenticate
>>> Wireless users with an Active Directory.
>>>
>>>
>>>
>>> If I execute in a shell the ntlm_auth with the same parameters as the
>>> log pointed I get an NT Key, so don't really know why it's not
>>> working. I have tried various solutions found on the internet without
>>> success.
>> Are you sure that the radius daemon user has permissions to run winbind? 
>> Check the permissions on /var/lib/samba/winbindd_privileged and also any 
>> SELinux policy, if you're running an SELinux-enabled distro.
> 
> I don't have an /var/lib/samba/winbindd_privileged.
> I have /var/run/samba/winbindd_privileged which I assume is what you are referring to.

It's distribution-dependent, but yes, that's the file.

> 
> The permissions are as follows:
> drwxr-x--- 2 root winbindd_priv   4096 2009-12-01 10:28 winbindd_privileged
> And the user freerad is part of the winbindd_priv group:
> winbindd_priv:x:105:freerad
> 
> Don't have SELinux or AppArmor.

You have a typo in your config:

ntlm_auth = "usr/bin/ntlm_auth --request-nt-key

You are missing a leading "/" from the binary, hence it's failing.
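
The check below is an added example, not part of the original message or of FreeRADIUS: it extracts the program from an `ntlm_auth = ...` line and reports whether the path is absolute, present and executable, and can optionally test access to the winbindd_privileged directory. The function names and script name are hypothetical; the config file and directory are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original thread): validate the program path
# in an "ntlm_auth = ..." configuration line. Function names are hypothetical.

# Print the program (first word of the value) from one "ntlm_auth = ..." line.
ntlm_auth_program() {
    printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*ntlm_auth[[:space:]]*=[[:space:]]*"\{0,1\}\([^[:space:]"]*\).*/\1/p'
}

# Print one verdict for a line: ok, relative, missing, not-executable, no-setting.
check_ntlm_auth_line() {
    prog=$(ntlm_auth_program "$1")
    [ -n "$prog" ] || { echo "no-setting"; return 1; }
    case $prog in
        /*) ;;                                  # absolute path: keep checking
        *)  echo "relative"; return 1 ;;        # e.g. usr/bin/ntlm_auth
    esac
    [ -e "$prog" ] || { echo "missing"; return 1; }
    [ -x "$prog" ] || { echo "not-executable"; return 1; }
    echo "ok"
}

# Usage: sh check_ntlm_auth.sh CONFIG_FILE [WINBINDD_PRIVILEGED_DIR]
# Run it as the RADIUS daemon user so the -x tests reflect that user's access.
if [ "$#" -ge 1 ]; then
    grep -E '^[[:space:]]*ntlm_auth[[:space:]]*=' "$1" |
    while IFS= read -r line; do
        printf '%s: %s\n' "$(check_ntlm_auth_line "$line")" "$line"
    done
    if [ "$#" -ge 2 ]; then
        if [ -d "$2" ] && [ -x "$2" ]; then
            echo "can enter $2"
        else
            echo "cannot enter $2 as $(id -un)"
        fi
    fi
fi
```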


