falling back to local auth and not ads

Matthew Newton mcn4 at leicester.ac.uk
Tue Apr 24 11:53:39 CEST 2012

On Tue, Apr 24, 2012 at 09:24:42AM +0000, Morris, Andi wrote:
> My freeradius server seems to be falling back to local
> authentication rather than piping it out to our ADS server.  If
> I create a local user on the radius box authentication is
> successful.  Can anyone please help with this?  All relevant
> info I can think of is below.

Initial guess - you've set MS-CHAP-Use-NTLM-Auth = Yes somewhere
(check for broken entries in your users file, etc), so mschap
isn't even trying to call ntlm_auth.

> [mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
> [mschap] Creating challenge hash with username: sm18818
> [mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
> [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect


Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list