falling back to local auth and not ads
Matthew Newton
mcn4 at leicester.ac.uk
Tue Apr 24 11:53:39 CEST 2012
On Tue, Apr 24, 2012 at 09:24:42AM +0000, Morris, Andi wrote:
> My freeradius server seems to be falling back to local
> authentication rather than piping it out to our ADS server. If
> I create a local user on the radius box authentication is
> successful. Can anyone please help with this? All relevant
> info I can think of is below.
Initial guess - you've set MS-CHAP-Use-NTLM-Auth = Yes somewhere
(check for broken entries in your users file, etc), so mschap
isn't even trying to call ntlm_auth.
> [mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Creating challenge hash with username: sm18818
> [mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list