MSCHAP Errors

James J J Hooper jjj.hooper at bristol.ac.uk
Mon May 14 19:53:38 CEST 2012


On 11/05/2012 13:35, Phil Mayers wrote:
> On 11/05/12 13:10, sgilmour wrote:
>
>> --nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24
>> Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied
>> (0xc0000022)
>> Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access
>> denied (0xc0000022)
>> Fri May 11 08:08:13 2012 : Debug: Exec-Program: returned: 1
>> Fri May 11 08:08:13 2012 : Info: [mschap] External script failed.
>> Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is
>> incorrect
>
>
> The "ntlm_auth" helper is returning errors. Try the command from the CLI
> and examine the output. Check the permissions on the winbind socket
> (google for details) and SELinux contexts, if applicable.

AD can return 0xc0000022 when for example the domain controller 
ntlm_auth/winbind is talking to can not contact the PDC. If you are 
continuing to have issues, and have completed Phil's suggestions, check 
the logs on your domain controllers for anomalies.

-James


More information about the Freeradius-Users mailing list