MSCHAP Auth fails

Andres Septer andres.septer at
Wed Apr 4 14:13:35 CEST 2012

# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap]        expand: %{Stripped-User-Name} ->
[mschap]        ... expanding second conditional
[mschap]        expand: %{mschap:User-Name:-None} -> User001
[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
[mschap]  mschap1: 28
[mschap]        expand: --challenge=%{mschap:Challenge:-00} ->
[mschap]        expand: #ntresponse=%{mschap:NT-Response:-00} ->
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect (mschap: External script says Logon failure
(0xc000006d)): [User001] (from client port 0)

I would say, ntlm_auth is missing domain here. Where do you supply domain? 
In configaration or with user name? Whitch form, user at domain or domain\user?
I would check those.


More information about the Freeradius-Users mailing list