FreeRADIUS not receiving password from WLC

Alan DeKok aland at deployingradius.com
Wed May 7 18:50:53 CEST 2014


Richard Long wrote:
> Hi all, 
> I'm a bit stuck.  I've stood up a CentOS server with FreeRADIUS so I can authenticate against Active Directory using a Cisco Wireless Controller.  As you can see from the output below, I've got ntlm_auth and radtest working correctly, however, the wireless controller doesn't seem to be passing passwords to FreeRADIUS.  I very obviously got something wrong in my setup, but I can't figure out what.  I appreciate any help. 

  Have you followed the documentation?  Go to wiki.freeradius.org, and
type "active directory" into the search box.

  Or, read my active directory guide:

http://deployingradius.com/documents/configuration/active_directory.html

> [root at san-prod-rad-01 /]# ntlm_auth –-request-nt-key –-domain=NOTTELLING --username=mschmidt 
> password: 
> NT_STATUS_OK: Success (0x0)

  That doesn't really help.

> ------------------------------------------------------------------------ 
> [root at san-prod-rad-01 /]# radtest mschmidt ########## 127.0.0.1 0 C at tHelm3t 
> Sending Access-Request of id 155 to 127.0.0.1 port 1812 
>         User-Name = "mschmidt" 
>         User-Password = "#######" 
>         NAS-IP-Address = 10.X.X.111 
>         NAS-Port = 0 
>         Message-Authenticator = 0x00000000000000000000000000000000 
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=155, length=20 

  That doesn't really help, either.

> ------------------------------------------------------------------------ 
> [root at san-prod-rad-01 ~]# radiusd -X ...
> rad_recv: Access-Request packet from host 192.168.130.5 port 32768, id=98, length=240 
...
>         EAP-Message = 0x0201000d01616e74686f6e7962 

  Which is EAP...

> [ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=mschmidt 
> [ntlm_auth]     expand: --password=%{User-Password} -> --password= 
> Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) 

  Exactly.

  This is documented in great detail.

  Alan DeKok.


More information about the Freeradius-Users mailing list