Radius and AD authentication

Michael Price mike at thepriceshouse.com
Mon Oct 19 18:17:51 CEST 2015


You guys rock. Thanks for finding my errors.  The command:

#radtest chicken <password> 127.0.0.1 0 testing123

is working now :-) .  And yes, I did change my test password.

My switches are authenticating successfully now :-) .



thanks, michael

On Sun, Oct 18, 2015 at 7:41 PM, Matthew Newton <mcn4 at leicester.ac.uk>
wrote:

> On Sun, Oct 18, 2015 at 06:09:42AM -0400, Michael Price wrote:
> >       program = "/usr/bin/ntlm_auth --request-nt-key
> --domain=domain.netN --username=%{mschap:User-Name}
> --password=%{User-Password}"
> ...
> > (0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key
> --domain=domain.netN --username=%{mschap:User-Name}
> --password=%{User-Password}:
>
> --domain=domain.netN - typo
>
> > (0) ntlm_auth: EXPAND --username=%{mschap:User-Name}
> > (0) ntlm_auth:    --> --username=chicken
> > (0) ntlm_auth: EXPAND --password=%{User-Password}
> > (0) ntlm_auth:    --> --password=2Number9!
>
> [change your password]
>
> > (0) ntlm_auth: ERROR: Program returned code (1) and output
> 'NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)'
>
> fails.
>
> >       ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-
> domain.net} --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> domain.net - no typo
>
> >       program = "/usr/bin/ntlm_auth --request-nt-key
> --domain=domain.netN --username=%{mschap:User-Name}
> --password=%{User-Password}"
>
> > (0) mschap: Client is using MS-CHAPv1 with NT-Password
> > (0) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-
> domain.net} --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}:
> > (0) mschap: EXPAND --username=%{mschap:User-Name:-None}
> > (0) mschap:    --> --username=chicken
> > (0) mschap: ERROR: No NT-Domain was found in the User-Name
> > (0) mschap: EXPAND --domain=%{%{mschap:NT-Domain}:-domain.net}
> > (0) mschap:    --> --domain=domain.net
> > (0) mschap: mschap1: 27
> > (0) mschap: EXPAND --challenge=%{mschap:Challenge:-00}
> > (0) mschap:    --> --challenge=27572b879bc37cd5
> > (0) mschap: EXPAND --nt-response=%{mschap:NT-Response:-00}
> > (0) mschap:    -->
> --nt-response=3446fe427512934fce4d2bed4172dfb37fa43ab483323a01
> > (0) mschap: Program returned code (0) and output 'NT_KEY:
> B598B7914410495012BA70A8F02E4DA5'
>
> works.
>
> Fix up the domain in mods-enabled/ntlm_auth.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>
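
Added example, not part of the thread and not FreeRADIUS project code: a small Python helper that redacts secret-bearing values from `radiusd -X` debug output before it is posted, and reports modules whose `--domain=` values differ, which is the mismatch diagnosed above. The sample log is constructed to resemble the quoted lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the debug lines quoted in this thread.
SAMPLE_DEBUG = """\
(0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=domain.netN --username=%{mschap:User-Name} --password=%{User-Password}:
(0) ntlm_auth: EXPAND --username=%{mschap:User-Name}
(0) ntlm_auth:    --> --username=chicken
(0) ntlm_auth: EXPAND --password=%{User-Password}
(0) ntlm_auth:    --> --password=example-secret
(0) ntlm_auth: ERROR: Program returned code (1) and output 'NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)'
(0) mschap: EXPAND --domain=%{%{mschap:NT-Domain}:-domain.net}
(0) mschap:    --> --domain=domain.net
(0) mschap: Program returned code (0) and output 'NT_KEY: 00112233445566778899AABBCCDDEEFF'
"""

# Only expanded values are secrets: a value starting with %{ is still a template.
_SECRET_RES = [
    re.compile(r"(--password=)(?!%\{).*"),     # rest of line, so spaces are covered
    re.compile(r"(--nt-response=)(?!%\{)\S+"),
    re.compile(r"(NT_KEY:\s*)[0-9A-Fa-f]+"),
]
# "(N) module: ... --domain=value", skipping unexpanded %{...} templates.
_DOMAIN_RE = re.compile(r"^\(\d+\)\s+(\w+):.*?--domain=(?!%\{)(\S+)", re.MULTILINE)


def redact(text):
    """Replace expanded passwords, NT responses and NT keys with a marker."""
    for pattern in _SECRET_RES:
        text = pattern.sub(r"\1<redacted>", text)
    return text


def domains_by_module(text):
    """Map each module name to the set of literal --domain= values it used."""
    found = defaultdict(set)
    for module, domain in _DOMAIN_RE.findall(text):
        found[module].add(domain)
    return dict(found)


def domain_mismatch(text):
    """Return sorted (module, domain) pairs if modules disagree, else []."""
    per_module = domains_by_module(text)
    if len(set().union(*per_module.values())) <= 1:
        return []
    return sorted((m, d) for m, ds in per_module.items() for d in ds)


if __name__ == "__main__":
    print(redact(SAMPLE_DEBUG))
    print(domain_mismatch(SAMPLE_DEBUG))
```
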

