<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="�" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1406534410;
mso-list-type:hybrid;
mso-list-template-ids:2029530780 -1651354468 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
{mso-level-start-at:4;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Consolas;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
color:black;}
@list l0:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoPlainText">I've been following the FreeRadius Deployment guide <a href="http://deployingradius.com/documents/configuration/active_directory.html">
http://deployingradius.com/documents/configuration/active_directory.html</a><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The following software is installed on a Centos 6 VM:<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="color:black"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="color:black">Samba 3.5.4, Freeradius 2.1.9, wpa_supplicant-0.7.3, gcc v4.4.4-13, openssl, winbind.</span><o:p></o:p></p>
<p class="MsoPlainText"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-bottom:12.0pt"><span style="color:black">I successfully performed basic configuration tests with the ‘eapol_test’ command for:<br>
- PAP, EAP, EAP-TLS, EAP-TTLS, EAP-MD5 & EAP-MSCHAPv5.<o:p></o:p></span></p>
<p class="MsoPlainText" style="margin-bottom:12.0pt"><span style="color:black">I’ve created production certificates & successfully tested for the above protocols.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="color:black">Installed Kerberos 1.8.2 & tested that successfully.<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoPlainText" style="margin-bottom:12.0pt"><span style="color:black">I started to configure FreeRadius with AD and successfully tested it to use ntlm_auth.</span><o:p></o:p></p>
<p class="MsoPlainText">I've got to the final stage "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP" in the deployment process.<o:p></o:p></p>
<p class="MsoPlainText">This stage says:<o:p></o:p></p>
<p class="MsoPlainText">1) "... delete the testing entry used above from the users file, ...", which I've done.<o:p></o:p></p>
<p class="MsoPlainText">2) "... fine (sic) the mschap module in raddb/modules/mschap file, and look for the line containing ntlm_auth = . It ... should be uncommented, ...", which I've done.<o:p></o:p></p>
<p class="MsoPlainText">3) "Start the server ..."<o:p></o:p></p>
<p class="MsoPlainText"> I ran 'radiusd -X'.<o:p></o:p></p>
<p class="MsoPlainText">4) "... and use a test client to send an MS-CHAP authentication request."<o:p></o:p></p>
<p class="MsoPlainText"> I've used the command 'eapol_test -c peap-mschapv2-cert-ntlm_auth.conf -s testing123'.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">I can see from the 'radiusd -X' output that FreeRadius is not using MS-CHAP correctly:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><snip><o:p></o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New"">[eap] processing type mschapv2<br>
[mschapv2] +- entering group MS-CHAP {...}<br>
[mschap] No Cleartext-Password configured. Cannot create LM-Password.<br>
[mschap] No Cleartext-Password configured. Cannot create NT-Password.<br>
[mschap] Told to do MS-CHAPv2 for USERNAME with NT-Password<br>
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.<br>
[mschap] FAILED: MS-CHAP2-Response is incorrect<br>
++[mschap] returns reject<br>
<snip></span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The ‘eapol_test’ output reflects this:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""><snip><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New"">EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26<br>
EAP-MSCHAPV2: RX identifier 8 mschapv2_id 8<br>
EAP-MSCHAPV2: Received challenge<br>
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=11):<br>
65 64 75 72 6f 61 6d 74 65 73 74 USERNAME <br>
EAP-MSCHAPV2: Generating Challenge Response<br>
MSCHAPV2: Identity - hexdump_ascii(len=11):<br>
65 64 75 72 6f 61 6d 74 65 73 74 USERNAME <br>
MSCHAPV2: Username - hexdump_ascii(len=11):<br>
65 64 75 72 6f 61 6d 74 65 73 74 USERNAME <br>
MSCHAPV2: auth_challenge - hexdump(len=16): a5 e6 9e fa 6e 1f ec 2f 0b b6 a3 96 ef 45 15 32<br>
MSCHAPV2: peer_challenge - hexdump(len=16): 44 31 43 ff 2f 12 5b 25 b5 eb fb 59 6f 8d 2a a9<br>
MSCHAPV2: username - hexdump_ascii(len=11):<br>
65 64 75 72 6f 61 6d 74 65 73 74 USERNAME <br>
MSCHAPV2: password - hexdump_ascii(len=20):<br>
77 6f 72 6b 6d 61 6e 20 74 6f 64 61 79 20 61 72 PASSWORD<br>
6e 69 63 61 <br>
MSCHAPV2: NT Response - hexdump(len=24): 66 67 95 3d 56 d6 ab b4 ab ba 64 bf 6c db 8b 51 77 ad 3e bc 96 26 7c 7a<br>
MSCHAPV2: Auth Response - hexdump(len=20): f0 95 4d 86 ee 82 8f c0 12 84 cc a7 d0 72 fb e6 95 b3 ef d1<br>
MSCHAPV2: Master Key - hexdump(len=16): 31 8d ae c0 3d e1 42 0f ae 05 bc f0 72 da 98 72<br>
EAP-MSCHAPV2: TX identifier 8 mschapv2_id 8 (response)<br>
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=70): 02 08 00 46 1a 02 08 00 41 31 44 31 43 ff 2f 12 5b 25 b5 eb fb 59 6f 8d 2a a9 00 00 00 00 00 00 00 00 66 67 95 3d 56 d6 ab b4 ab ba 64 bf 6c db 8b 51 77 ad 3e bc 96 26 7c 7a 00 65 64 75 72 6f 61 6d 74 65
73 74<br>
<snip><o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""><br>
RADIUS packet matching with station<br>
decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP Failure<br>
EAPOL: Received EAP-Packet frame<br>
EAPOL: SUPP_BE entering state REQUEST<br>
EAPOL: getSuppRsp<br>
EAP: EAP entering state RECEIVED<br>
EAP: Received EAP-Failure<br>
EAP: EAP entering state FAILURE<br>
CTRL-EVENT-EAP-FAILURE EAP authentication failed<br>
EAPOL: SUPP_PAE entering state HELD<br>
EAPOL: SUPP_BE entering state RECEIVE<br>
EAPOL: SUPP_BE entering state FAIL<br>
EAPOL: SUPP_BE entering state IDLE<br>
eapol_sm_cb: success=0<br>
EAPOL: EAP key not available<br>
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit<br>
ENGINE: engine deinit<br>
MPPE keys OK: 0 mismatch: 1<br>
FAILURE</span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The peap-mschapv2-cert-ntlm_auth.conf file contains:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New"">#<br>
# eapol_test -c peap-mschapv2-cert-ntlm_auth.conf -s testing123<br>
#<br>
<br>
eapol_version=1<br>
fast_reauth=0<br>
<br>
network={<br>
key_mgmt=WPA-EAP<br>
eap=PEAP<br>
identity="USERNAME"<br>
# anonymous_identity="anonymous"<br>
password="PASSWORD"<br>
phase2="auth=MSCHAPV2"<br>
<br>
priority=10<br>
<br>
#<br>
# Uncomment the following to perform server certificate validation.<br>
ca_cert="/etc/raddb/certs/ca.der"<br>
}</span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The file /etc/raddb/modules/mschap contains:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""># -*- text -*-<br>
#<br>
# $Id$<br>
<br>
# Microsoft CHAP authentication<br>
#<br>
# This module supports MS-CHAP and MS-CHAPv2 authentication.<br>
# It also enforces the SMB-Account-Ctrl attribute.<br>
#<br>
mschap {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-CAMPUS} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>
}</span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">/etc/raddb/users contains (commented lines removed for clarity):<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""># DEFAULT Auth-Type = ntlm_auth<br>
#<br>
DEFAULT Framed-Protocol == PPP<br>
Framed-Protocol = PPP,<br>
Framed-Compression = Van-Jacobson-TCP-IP<br>
<br>
DEFAULT Hint == "CSLIP"<br>
Framed-Protocol = SLIP,<br>
Framed-Compression = Van-Jacobson-TCP-IP<br>
<br>
DEFAULT Hint == "SLIP"<br>
Framed-Protocol = SLIP<br>
<br>
</span>/etc/raddb/sites-enabled/default, a link to ../sites-available/default, contains (most commented lines removed):<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New"">authorize { preprocess<br>
<br>
chap<br>
<br>
mschap<br>
<br>
# digest<br>
<br>
# wimax<br>
<br>
# IPASS<br>
<br>
suffix<br>
# ntdomain<br>
<br>
eap {<br>
ok = return<br>
}<br>
<br>
unix<br>
<br>
files<br>
<br>
# sql<br>
<br>
# etc_smbpasswd<br>
<br>
# ldap<br>
<br>
# daily<br>
<br>
# checkval<br>
<br>
expiration<br>
logintime<br>
<br>
pap<br>
<br>
# Autz-Type Status-Server {<br>
#<br>
# }<br>
}<br>
<br>
authenticate {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> Auth-Type PAP {<br>
pap<br>
}<br>
<br>
Auth-Type CHAP {<br>
chap<br>
}<br>
<br>
Auth-Type MS-CHAP {<br>
mschap<br>
}<br>
<br>
# digest<br>
<br>
# pam<br>
<br>
unix<br>
<br>
# Auth-Type LDAP {<br>
# ldap<br>
# }<br>
<br>
eap<br>
<br>
# Auth-Type eap {<br>
# eap {<br>
# handled = 1 <br>
# }<br>
# if (handled && (Response-Packet-Type == Access-Challenge)) {<br>
# attr_filter.access_challenge.post-auth<br>
# handled # override the "updated" code from attr_filter<br>
# }<br>
# }<br>
<br>
ntlm_auth<br>
<br>
}<br>
<br>
preacct {<br>
preprocess<br>
<br>
# update request {<br>
# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"<br>
# }<br>
<br>
acct_unique<br>
<br>
#<br>
# IPASS<br>
suffix<br>
# ntdomain<br>
<br>
files<br>
}<br>
<br>
accounting {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> detail<br>
# daily<br>
<br>
unix<br>
<br>
radutmp<br>
# sradutmp<br>
<br>
# main_pool<br>
<br>
# sql<br>
<br>
# if (noop) {<br>
# ok<br>
# }<br>
<br>
# sql_log<br>
<br>
# pgsql-voip<br>
<br>
attr_filter.accounting_response<br>
<br>
# Acct-Type Status-Server {<br>
#<br>
# }<br>
}<br>
<br>
session {<br>
radutmp<br>
<br>
# sql<br>
}<br>
<br>
post-auth {<br>
# main_pool<br>
<br>
# reply_log<br>
<br>
# sql<br>
<br>
# sql_log<br>
<br>
# ldap<br>
<br>
exec<br>
<br>
# wimax<br>
<br>
Post-Auth-Type REJECT {<br>
# sql<br>
attr_filter.access_reject<br>
}<br>
}<br>
<br>
pre-proxy {<br>
# attr_rewrite<br>
<br>
# files<br>
<br>
# attr_filter.pre-proxy<br>
<br>
# pre_proxy_log<br>
}<br>
<br>
post-proxy {<br>
<br>
# post_proxy_log<br>
<br>
# attr_rewrite<br>
<br>
# attr_filter.post-proxy<br>
<br>
eap<br>
<br>
# Post-Proxy-Type Fail {<br>
# detail<br>
# }<br>
}</span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">/etc/raddb/sites-enabled/inner-tunnel, a link to ../sites-available/inner-tunnel, contains (commented lines removed):<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""><br>
server inner-tunnel {<br>
<br>
#listen {<br>
# ipaddr = 127.0.0.1<br>
# port = 18120<br>
# type = auth<br>
#}<br>
<br>
authorize {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> chap<br>
<br>
mschap<br>
<br>
unix<br>
<br>
# IPASS<br>
<br>
suffix<br>
# ntdomain<br>
<br>
update control {<br>
Proxy-To-Realm := LOCAL<br>
}<br>
<br>
eap {<br>
ok = return<br>
}<br>
<br>
files<br>
<br>
# sql<br>
<br>
# etc_smbpasswd<br>
<br>
# ldap<br>
<br>
# daily<br>
<br>
# checkval<br>
<br>
expiration<br>
logintime<br>
<br>
pap<br>
}<br>
<br>
authenticate {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> Auth-Type PAP {<br>
pap<br>
}<br>
<br>
Auth-Type CHAP {<br>
chap<br>
}<br>
<br>
Auth-Type MS-CHAP {<br>
mschap<br>
}<br>
<br>
# pam<br>
<br>
unix<br>
<br>
# Auth-Type LDAP {<br>
# ldap<br>
# }<br>
<br>
eap<br>
<br>
ntlm_auth<br>
<br>
}<br>
<br>
session {<br>
radutmp<br>
<br>
# sql<br>
}<br>
<br>
<br>
post-auth {<br>
# reply_log<br>
<br>
# sql<br>
<br>
# sql_log<br>
<br>
# ldap<br>
<br>
Post-Auth-Type REJECT {<br>
# sql<br>
attr_filter.access_reject<br>
}<br>
<br>
<br>
}<br>
<br>
pre-proxy {<br>
# attr_rewrite<br>
<br>
# files<br>
<br>
# attr_filter.pre-proxy<br>
<br>
# pre_proxy_log<br>
}<br>
<br>
post-proxy {<br>
<br>
# post_proxy_log<br>
<br>
# attr_rewrite<br>
<br>
# attr_filter.post-proxy<br>
<br>
eap<br>
<br>
# Post-Proxy-Type Fail {<br>
# detail<br>
# }<br>
<br>
}<br>
<br>
} # inner-tunnel server block</span><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">However, it’s not clear to me where the problem lies.<o:p></o:p></p>
<p class="MsoPlainText">I’ve attached various files to illustrate the problem.<o:p></o:p></p>
<p class="MsoPlainText">Can anyone point me in the direction of a solution?<o:p></o:p></p>
<p class="MsoPlainText">I’ve not included full versions of the output due to the mailing list’s message size limit.<o:p></o:p></p>
<p class="MsoPlainText">Please let me know if I’ve not included sufficient information to diagnose the problem.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Cheers<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Martin.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">P.S. I’ve hidden the actual username & password used.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>