MSCHAP Errors

sgilmour sgilmour at enterasys.com
Tue May 15 17:26:27 CEST 2012


Hi,
I have been unable to get a PEAP user to work, but I was able to get a TLS
User to work.
It keeps on failing for MSCHAP.  I tried to change the mschap module
settings but this made no difference.
I am currently using samba 3.5 with active directory.  Does my ntlm_auth
path look correct?
Thanks for everyone's help,
Scott


ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
#ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%mschap:NT-domain}:-SQA.net} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}


On Mon, May 14, 2012 at 1:55 PM, James J J Hooper [via FreeRadius] <
ml-node+s1045715n5709347h23 at n5.nabble.com> wrote:

> On 11/05/2012 13:35, Phil Mayers wrote:
>
> > On 11/05/12 13:10, sgilmour wrote:
> >
> >> --nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied
> >> (0xc0000022)
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access
> >> denied (0xc0000022)
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program: returned: 1
> >> Fri May 11 08:08:13 2012 : Info: [mschap] External script failed.
> >> Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is
> >> incorrect
> >
> >
> > The "ntlm_auth" helper is returning errors. Try the command from the CLI
> > and examine the output. Check the permissions on the winbind socket
> > (google for details) and SELinux contexts, if applicable.
>
> AD can return 0xc0000022 when, for example, the domain controller
> ntlm_auth/winbind is talking to cannot contact the PDC. If you are
> continuing to have issues, and have completed Phil's suggestions, check
> the logs on your domain controllers for anomalies.
>
> -James
>
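
The winbind socket permission check suggested in the quoted reply, as an added shell example that is not part of the original thread. The directory path and the RADIUS account name are assumptions that differ between distributions, and GNU `stat` is assumed:

```shell
#!/bin/sh
# Added example. PRIV_DIR and RADIUS_USER are assumptions; both vary by distro.
PRIV_DIR="${PRIV_DIR:-/var/lib/samba/winbindd_privileged}"
RADIUS_USER="${RADIUS_USER:-radiusd}"

# can_traverse DIR UID "GID GID ...": pick the POSIX permission class that
# applies (owner, else group, else other) and test its execute (search) bit.
# uid 0 bypasses mode bits, but the RADIUS daemon normally does not run as root.
can_traverse() {
    dir=$1 uid=$2 gids=$3
    meta=$(stat -c '%a %u %g' "$dir") || return 2
    set -- $meta
    mode=$((0$1)) owner=$2 group=$3      # leading 0 makes the mode octal
    if [ "$uid" = "$owner" ]; then
        shift_by=6
    else
        case " $gids " in
            *" $group "*) shift_by=3 ;;
            *)            shift_by=0 ;;
        esac
    fi
    [ $(( ($mode >> $shift_by) & 1 )) -eq 1 ]
}

# check_radius_access: resolve the daemon account and report whether it can
# enter the directory that holds winbind's privileged socket.
check_radius_access() {
    [ -d "$PRIV_DIR" ] || { echo "MISSING: $PRIV_DIR"; return 2; }
    uid=$(id -u "$RADIUS_USER") || return 2
    gids=$(id -G "$RADIUS_USER") || return 2
    if can_traverse "$PRIV_DIR" "$uid" "$gids"; then
        echo "OK: $RADIUS_USER can enter $PRIV_DIR"
    else
        echo "FAIL: $RADIUS_USER cannot enter $PRIV_DIR"
        echo "      mode and owner: $(stat -c '%a %U:%G' "$PRIV_DIR")"
        return 1
    fi
}

# Run the report only when asked, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--run" ]; then
    check_radius_access
fi
```

Run it as root with `--run`. A FAIL line means the daemon account is neither the owner nor in the owning group of the directory, which is worth ruling out before looking at SELinux contexts or the domain controller logs.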

