mschap with ntlm_auth and Active Directory
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 4 10:28:38 CET 2011
On 03/04/2011 01:32 AM, robert22 wrote:
>
> Phil Mayers wrote:
>>
>> Are you sure the mschap client is using the right password, and matches
>> the password in the domain?
>>
>> Can you do a plaintext auth with the password you expect it to be?
>>
>> ntlm_auth --username= --password=
>>
>
> Works fine with plaintext auth:

Ok

>
> root at FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D6650564
> --password=Pa$$w0rd
> NT_STATUS_OK: Success (0x0)
> root at FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D670F3A6
> --password=Pa$$w0rd
> NT_STATUS_OK: Success (0x0)
> root at FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D6650564
> --password=Pa$$w0rd
> NT_STATUS_OK: Success (0x0)
>
> The password Pa$$w0rd is set in the Wireless Controller, if that's what you
> mean by mschap client?

I do.

Since the password in the domain is definitely right, and winbind
appears to be working, I'd have to guess the password in the wireless
controller is wrong somehow, but that seems unlikely to be something
you'd have missed.

>
> Is there a tool I can use to test this with that will send mschap challenges
> etc to the freeradius, rather than using the wireless controller? someone

Under recent versions of FreeRadius, "radtest" can do it.

If you can't upgrade the version on the server, perhaps install a newer
copy on a separate machine.