Help troubleshooting No EAP session matching...

Matthew Newton mcn4 at leicester.ac.uk
Fri Sep 16 16:46:48 CEST 2016


On Fri, Sep 16, 2016 at 10:37:13AM -0400, Dave Aldwinckle wrote:
> Off-topic, but related: This particular bit "&Module-Failure-Message :=
> &request:Module-Failure-Message" is populated with the first ERROR that the
> mschap module spits out, which for us is always "No NT-Domain was found in
> the User-Name." Since none of our User-Names have NT domains in them, the
> message is confusing. Is there any way to include the other errors? "Program
> returned code (1) and output 'Logon failure (0xc000006d)" would be a good
> one:
> 
> (72) mschap: Creating challenge hash with username: nstestnexus at uwaterloo.ca
> (72) mschap: Client is using MS-CHAPv2
> (72) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key
> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> --domain=%{%{mschap:NT-Domain}:-NEXUS}

Set this to "--domain=NEXUS" instead? It's the expansion of the
mschap:NT-Domain that's causing the error.

You should be able to get the other errors by looking at
&Module-Failure-Message[1], &Module-Failure-Message[2], etc, I
think?

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list