AW: MSCHAP Auth fails

Weber, Felix Felix.Weber at
Wed Apr 4 14:24:17 CEST 2012

Tested both at radtest USER at DOMAIN and DOMAIN\\USER, nothing worked.
Configured krb5.conf and smb.conf with domain and local ntlm_auth works fine on the machine.
And in mschap module this line has beed added:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-SWMNT} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
-----Ursprüngliche Nachricht-----
Von: at [ at] Im Auftrag von Andres Septer
Gesendet: Mittwoch, 4. April 2012 14:14
An: FreeRadius users mailing list
Betreff: RE: MSCHAP Auth fails

# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap]        expand: %{Stripped-User-Name} ->
[mschap]        ... expanding second conditional
[mschap]        expand: %{mschap:User-Name:-None} -> User001
[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
[mschap]  mschap1: 28
[mschap]        expand: --challenge=%{mschap:Challenge:-00} ->
[mschap]        expand: #ntresponse=%{mschap:NT-Response:-00} ->
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect (mschap: External script says Logon failure
(0xc000006d)): [User001] (from client port 0)

I would say, ntlm_auth is missing domain here. Where do you supply domain? 
In configaration or with user name? Whitch form, user at domain or domain\user?
I would check those.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list