Authenticating agains AD issues

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Thu Oct 28 17:14:35 CEST 2010 

Did you enable the "WITH NT DOMAIN HACK" in your MSCHAP module?

 

Jake Sallee

Godfather Of Bandwidth

Network Engineer

 

Fone: 254-295-4658

Phax: 254-295-4221

 

 

From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.o
rg] On Behalf Of Johnson, Neil M
Sent: Thursday, October 28, 2010 9:48 AM
To: freeradius-users at lists.freeradius.org
Subject: Authenticating agains AD issues

 

 

I've been following the reciepe on the "Deploying RADIUS" web site, but
I have been unable to get an iPhone or Laptop to authenticate to
wireless.

 

It appears from the log that ntlm_auth is behaving correctly but the the
challenge continues.

 

I'm running 2.1.9 on Fedora 12 using the demonstration certificates.

 

Here is the last part of the log file:

 

Thanks in advance.

-Neil

 

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] +- entering group MS-CHAP {...}

[mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password

[mschap]        expand: %{Stripped-User-Name} -> 

[mschap]        ... expanding second conditional

[mschap] WARNING: Deprecated conditional expansion ":-".  See "man
unlang" for details

[mschap]        expand: %{User-Name:-None} -> IOWA\nmjoo

[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}} ->
--username=IOWA\nmjoo

[mschap]  mschap2: 5e

[mschap]        expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=13fe382b60e3bba9

[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=24bf15cdc812e5f7fb9723f21143bb775b24a1914870caf0

Exec-Program output: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 

Exec-Program-Wait: plaintext: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 

Exec-Program: returned: 0

[mschap] adding MS-CHAPv2 MPPE keys

++[mschap] returns ok

MSCHAP Success 

++[eap] returns handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

        EAP-Message =
0x010a00331a0309002e533d364637444633304644363834324235424237384637364543
39423230454534453639434431463338

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x9b59f55f9a53ef43871eb82ef0802a05

[peap] Got tunneled reply RADIUS code 11

        EAP-Message =
0x010a00331a0309002e533d364637444633304644363834324235424237384637364543
39423230454534453639434431463338

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x9b59f55f9a53ef43871eb82ef0802a05

[peap] Got tunneled Access-Challenge

++[eap] returns handled

Sending Access-Challenge of id 112 to 128.255.11.74 port 32768

        EAP-Message =
0x010a005b19001703010050f59dec82774ce4b8dc5bb542e29881b2cb321a7136c39e4f
1a498708fa2515da475f29ec726bd310dd96ab7ae6de4a85f079285567b375a7fa02d137
f9d0d2adcf75dc887c91c50a41e041c13b370882

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xa489d972ac83c05d8d6d2302f3fa3977

Finished request 17.

Going to the next request

Waking up in 3.2 seconds.

Cleaning up request 0 ID 95 with timestamp +9

Cleaning up request 1 ID 96 with timestamp +9

Cleaning up request 2 ID 97 with timestamp +9

Cleaning up request 3 ID 98 with timestamp +9

Cleaning up request 4 ID 99 with timestamp +9

Cleaning up request 5 ID 100 with timestamp +9

Cleaning up request 6 ID 101 with timestamp +9

Cleaning up request 7 ID 102 with timestamp +9

Cleaning up request 8 ID 103 with timestamp +9

Waking up in 1.0 seconds.

Cleaning up request 9 ID 104 with timestamp +10

Cleaning up request 10 ID 105 with timestamp +10

Cleaning up request 11 ID 106 with timestamp +10

Cleaning up request 12 ID 107 with timestamp +10

Cleaning up request 13 ID 108 with timestamp +10

Cleaning up request 14 ID 109 with timestamp +10

Cleaning up request 15 ID 110 with timestamp +10

Cleaning up request 16 ID 111 with timestamp +10

Cleaning up request 17 ID 112 with timestamp +10

Ready to process requests.

 

-- 

Neil Johnson

Network Engineer

Information Technology Services

The University of Iowa

Work: 319 384-0938

Mobile: 319 540-2081

Fax: 319 355-2618

E-mail: neil-johnson at uiowa.edu

 

 

 

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101028/317d8422/attachment.html>

More information about the Freeradius-Users mailing list