EAP (PEAP)+ntlm_auth doesn't send password by it self

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Mar 19 20:22:25 CET 2010


> After several unsuccessful attempts I could install Freeradius with OpenSSL support for do ntlm_auth for the users with Active Directory integration. The problem is, when the windows xp machine try to connect to the wireless network, Freeradius (or windows xp machine, reallly dont know) doesn't fill the password field like user-name does. So, Any one knows why it is happening? Because for this reason I get the error in the auithentication (Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)

windows machine isnt sending the password - but then again, its not expecting to. 
challenge repsonse is the order of the day.

> Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) )

> [ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=ortegaca
> [ntlm_auth]     expand: --password=%{User-Password} -> --password=

no User-Password in the packet sent in the 802.1X - therefore there is nothing there 

the default arguments for this (ntlm) are

--request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

what happens if you use this?


More information about the Freeradius-Users mailing list