Credentials format in Windows suplicant
joanroldan
joan.roldan.paitovi at gmail.com
Fri Jun 10 16:32:30 CEST 2011
Hi everybody,
I have take a look to this post:
http://freeradius.1045715.n5.nabble.com/MSCHAP-Authentication-Issue-td2785146.html
And I totally agree with the behaviours described in the table.
I have been experiencing the same. If I type the credentials on prompt of
Windows supplicant like
MYDOMAIN.COM\user
password
The request is accepted:
Fri Jun 10 15:58:51 2011 : Info: ++[eap] returns ok
Fri Jun 10 15:58:51 2011 : Auth: Login OK: [IRTA_NT\\jroldan/<via Auth-Type
= EAP>] (from client WLC_SSCC port 1 cli 00-26-B6-59-F1-EA)
But if I type
user at mydomain.com
password
I get the next info:
Fri Jun 10 16:11:52 2011 : Debug: Exec-Program output: Logon failure
(0xc000006d)
Fri Jun 10 16:11:52 2011 : Debug: Exec-Program-Wait: plaintext: Logon
failure (0xc000006d)
Fri Jun 10 16:11:52 2011 : Debug: Exec-Program: returned: 1
Fri Jun 10 16:11:52 2011 : Info: [mschap] External script failed.
Fri Jun 10 16:11:52 2011 : Info: [mschap] FAILED: MS-CHAP2-Response is
incorrect
Fri Jun 10 16:11:52 2011 : Info: ++[mschap] returns reject
Fri Jun 10 16:11:52 2011 : Info: [eap] Freeing handler
Fri Jun 10 16:11:52 2011 : Info: ++[eap] returns reject
Fri Jun 10 16:11:52 2011 : Info: Failed to authenticate the user.
Fri Jun 10 16:11:52 2011 : Auth: Login incorrect (mschap: External script
says Logon failure (0xc000006d)): [jroldan at irta.es/<via Auth-Type = EAP>]
(from client WLC_SSCC port 0 via TLS tunnel)
I assume my configuration is fine (extracted from deployingradius.com)
because its working by typing credentials in NT format.
As the configuration of freeradius is for eduroam purpose it would be nice
that user enter the credentials like user at domain.com, and in function of the
domain the request would be proxied or not.
Is is possible to use this format in spite of NT-domain?
Thanks in advance.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Credentials-format-in-Windows-suplicant-tp4476319p4476319.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list