<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Hi, </DIV>
<DIV>It is the whole debug info. I think the problem is we could not get the default domain name "xjtu".</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Listening on authentication address * port 1812<BR>Listening on command file /usr/local/var/run/radiusd/radiusd.sock<BR>Listening on proxy address * port 1814<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host 10.155.20.85 port 32807, id=118, length=125<BR> Service-Type = Authorize-Only<BR> NAS-Port-Type = Wireless-802.11<BR> User-Name = "hhe"<BR> MS-CHAP-Challenge = 0xd764c8cce93255c4478d7aa05d83f3ea<BR> MS-CHAP2-Response = 0x9c00a2b7249b043e23cd2866211bff3783d60000000000000000924fed02a24dee7533a7b9af370e858e1b798d9151617838<BR> NAS-IP-Address = 10.155.20.85<BR>+- entering group authorize {...}<BR>++[chap] returns noop<BR>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<BR>++[mschap] returns ok<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns noop<BR>[ldap] performing user authorization for hhe<BR>[ldap] expand: (sAMAccountName=%{mschap:User-Name}) ->
(sAMAccountName=hhe)<BR>[ldap] expand: OU=Domain Controllers,dc=xjtu,dc=cn -> OU=Domain Controllers,dc=xjtu,dc=cn<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] attempting LDAP reconnection<BR> [ldap] (re)connect to 10.155.3.250:389, authentication 0<BR> [ldap] bind as <A href="mailto:hhe@xjtu.cn/w2006njh">hhe@xjtu.cn/w2006njh</A> to 10.155.3.250:389<BR> [ldap] waiting for bind result ...<BR> [ldap] Bind was successful<BR> [ldap] performing search in OU=Domain Controllers,dc=xjtu,dc=cn, with filter (sAMAccountName=hhe)<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<BR>[ldap] user hhe authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns
ok<BR>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<BR>++[pap] returns noop<BR>Found Auth-Type = MSCHAP<BR>+- entering group MS-CHAP {...}<BR>[mschap] Told to do MS-CHAPv2 for hhe with NT-Password<BR>[mschap] No NT-Domain was found in the User-Name.</DIV>
<DIV><BR><FONT style="BACKGROUND-COLOR: #bfbf00" color=#ff4040>[mschap] expand: --domain=%{mschap:NT-Domain:-xjtu} -> --domain=</FONT></DIV>
<DIV><FONT style="BACKGROUND-COLOR: #bfbf00" color=#ff4040></FONT><BR>[mschap] expand: --username=%{mschap:User-Name:-None} -> --username=hhe<BR>[mschap] mschap2: d7<BR>[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=cf5ba32b520debdd<BR>[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=924fed02a24dee7533a7b9af370e858e1b798d9151617838<BR>Exec-Program output: No such user (0xc0000064) <BR>Exec-Program-Wait: plaintext: No such user (0xc0000064) <BR>Exec-Program: returned: 1<BR>[mschap] External script failed.<BR>[mschap] FAILED: MS-CHAP2-Response is incorrect<BR>++[mschap] returns reject<BR>Failed to authenticate the user.<BR>Delaying reject of request 0 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.6 seconds.<BR>Sending delayed reject for request 0<BR>Sending Access-Reject of id 118 to 10.155.20.85 port 32807<BR> MS-CHAP-Error = "\234E=691 R=1"<BR>Waking up in
4.9 seconds.<BR>Cleaning up request 0 ID 118 with timestamp +33<BR>Ready to process requests.</DIV>
<DIV> </DIV>
<DIV><BR><BR>--- <B>10年7月1日,周四, Alan DeKok <I><aland@deployingradius.com></I></B> 写道:<BR></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>发件人: Alan DeKok <aland@deployingradius.com><BR>主题: Re: ntlm_auth fails for none domain<BR>收件人: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><BR>日期: 2010年7月1日,周四,下午2:02<BR><BR>
<DIV class=plainMail>John wrote:<BR>> "xjtu" is our default domain, for users under this domain will only use<BR>> username to authenticate to RADIUS. With 1.1.6, it will get "xjtu" as<BR>> domain; But with 2.1.9, it will not, please see the debug info below.<BR><BR> You have deleted nearly all of the debug information, including the<BR>information we need to help you.<BR><BR> Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html" target=_blank>http://www.freeradius.org/list/users.html</A><BR></DIV></BLOCKQUOTE></td></tr></table><br>