freeradius + ntlm_auth, broken?
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 9 10:31:22 CET 2012
On 03/08/2012 05:09 PM, Andres Septer wrote:
>
>> Check the winbind log files,
>
> Did that already. Nothing interesting there, only lines like
> [2012/03/08 14:32:17.115991, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
> [25675]: request location of privileged pipe
> [2012/03/08 14:32:17.117136, 6] winbindd/winbindd.c:840(winbind_client_request_read)
> closing socket 26, client exited
>
>> and perhaps try using "strace -f -p<freerad.pid> -o log" to
>> watch process execution.
>
> I already did that to get the command line. When I run that line manually I get
> "login failed". T try to figure out how to capture actual ntlm_auth output from within
> freerad process. Also, where freeradd gets the values for parameters
> MS-CHAP-Challenge = 0xd50bd065d4215da9
> MS-CHAP-Response = 0x00010000000000000000000000000000000000000000000000001e7c77d05691cb2822a6670bf0b458e251c4ef170a2c2fff
> ?
> Those seem to be wrong. When I use them manually from command line I get "login failed"
If you mean you're taking the value of the challenge & response and
passing them straight to ntlm_auth, you can't do that; it doesn't work.
There is intermediate processing that is done before calling ntlm_auth.
Maybe the client is broken, but maybe not. What is the client?
More information about the Freeradius-Users
mailing list