query mschap with ntlm_auth samba4
Alan DeKok
aland at deployingradius.com
Wed Apr 7 19:02:10 CEST 2021
On Apr 7, 2021, at 11:42 AM, Nicolás Lopiano <nlopiano at gmail.com> wrote:
> I have been looking for information for a long time and could not find to
> solve the problem I am running into.
> My scenario is a vm with freeradius 3.0.17 joined to a samba4 domain with
> sssd, samba version 4.9.5-Debian.
> I need to get mschap to work via ntlm_auth. When making the query for
> ntlm_auth I have no problem and it works.
Doing *what* query with ntlm_auth? This matters.
Doing a query with clear-text passwords isn't the same as doing it with MS-CHAP.
> But when making the query using
> mschap it gives me the following error:
>
> Wed Apr 7 11:06:35 2021: ERROR: (3) mschap: Program returned code (1) and
> output 'The attempted logon is invalid. This is either due to a bad
> username or authentication information. (0xc000006d) '
> Wed Apr 7 11:06:35 2021: Debug: (3) mschap: External script failed
> Wed Apr 7 11:06:35 2021: ERROR: (3) mschap: External script says: The
> attempted logon is invalid. This is either due to a bad username or
> authentication information. (0xc000006d)
> Wed Apr 7 11:06:35 2021: ERROR: (3) mschap: MS-CHAP2-Response is incorrect
That's pretty clear. The MS-CHAP information isn't being accepted. Either because it's wrong, or because the user doesn't exist, or MS-CHAP isn't enabled.
Alan DeKok.
More information about the Freeradius-Users
mailing list