Freeradius with Active Directory

Prashant A dev1278977 at gmail.com
Mon Jun 16 14:06:04 CEST 2014 

Hi All,

I have followed the guide for integrating freeradius with active 
directory which is mentioned here,

http://deployingradius.com/documents/configuration/active_directory.html

So finally,

radtest -t mschap prashant Active at 123 localhost 0 testing123

Gives me following output

Sending Access-Request Id 40 from 0.0.0.0:54825 to 127.0.0.1:1812
     User-Name = 'prashant'
     NAS-IP-Address = 127.0.1.1
     NAS-Port = 0
     Message-Authenticator = 0x00
     MS-CHAP-Challenge = 0x42b125cb7f6408b4
     MS-CHAP-Response = 
0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392
Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:54825 
length 84
     MS-CHAP-MPPE-Keys = 0x
     MS-MPPE-Encryption-Policy = Encryption-Allowed
     MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

But when I try to login from webpage I am getting following response

(0) mschap : Client is using MS-CHAPv2
(0) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key 
--username=%{mschap:User-Name:-None} 
--domain=%{%{mschap:NT-Domain}:-mycompany.local} 
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap :    --> --username=prashant
(0)*ERROR: mschap : No NT-Domain was found in the User-Name*
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap :    --> --domain=mycompany.local
(0) mschap : Creating challenge hash with username: prashant
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap :    --> --challenge=e5d49180d36eb904
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
*(0) mschap :    --> 
--nt-response=0000000e0000000000000000000000000000000000000000**
**(0) ERROR: mschap : Program returned code (1) and output 'Logon 
failure (0xc000006d)'*
(0) mschap : External script failed.
(0) ERROR: mschap : External script says: Logon failure (0xc000006d)
(0) ERROR: mschap : MS-CHAP2-Response is incorrect
(0)   [mschap] = reject
(0)  } # Auth-Type MS-CHAP = reject

Can somebody help me to understand what exactly the issue. I am using 
FreeRADIUS Version 3.0.3 and Samba version 3.6.3.

Thanks & Regards,
Prashant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140616/868ab953/attachment.html>

More information about the Freeradius-Users mailing list