<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 30/11/2011 16:57, Alan Buxey wrote:
<blockquote cite="mid:20111130215724.GA13067@lboro.ac.uk"
type="cite">
<pre wrap="">Hi,
</pre>
<blockquote type="cite">
<pre wrap="">Hello friends, I tell them:
When I try to authenticate using mschap I encounter this
error ''NT_STATUS_WRONG_PASSWORD: Wrong Password'', yet when I do the
test using authentic pap without problems. I'm trying to authenticate my
freeradius server with active directory server.
Greetings and waiting for your help. William
</pre>
</blockquote>
<pre wrap="">
what happens when you run the ntlm_auth command direct on command line?
what version of SAMBA are you running?
alan
</pre>
</blockquote>
Hi Alan, when I run the ntlm_auth command it gives me an effective
response.<br>
<b>ntlm_auth --request-nt-key --domain=MyDomain
--username=USER --password=PASS</b><br>
<u><i>NT_STATUS_OK: Success (0x0)</i></u><br>
<br>
<u><b>freeradius -X (DEBUG MODE)</b></u><br>
rad_recv: Access-Request packet from host 127.0.0.1 port 55866,
id=115, length=60<br>
User-Name = "gwilliam"<br>
User-Password = "1qazxsw23edc@"<br>
NAS-IP-Address = 127.0.0.1<br>
NAS-Port = 0<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130<br>
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130<br>
[auth_log] expand: %t -> Wed Nov 30 17:05:41 2011<br>
++[auth_log] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
++? if (!control:Auth-Type && User-Password)<br>
? Evaluating !(control:Auth-Type ) -> TRUE<br>
? Evaluating (User-Password) -> TRUE<br>
++? if (!control:Auth-Type && User-Password) -> TRUE<br>
++- entering if (!control:Auth-Type && User-Password) {...}<br>
+++[control] returns noop<br>
++- if (!control:Auth-Type && User-Password) returns noop<br>
[ntlm_auth] expand: --username=%{mschap:User-Name} ->
--username=gwilliam<br>
[ntlm_auth] expand: --password=%{User-Password} ->
--password=1qazxsw23edc@<br>
Exec-Program output: NT_STATUS_OK: Success (0x0)<br>
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)<br>
Exec-Program: returned: 0<br>
++[ntlm_auth] returns ok<br>
[suffix] No '@' in User-Name = "gwilliam", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
Found Auth-Type = ntlm_auth<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+- entering group ntlm_auth {...}<br>
<b>[ntlm_auth] expand: --username=%{mschap:User-Name} ->
--username=gwilliam<br>
[ntlm_auth] expand: --password=%{User-Password} ->
--password=1qazxsw23edc@<br>
Exec-Program output: NT_STATUS_OK: Success (0x0)<br>
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)</b><br>
Exec-Program: returned: 0<br>
++[ntlm_auth] returns ok<br>
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default<br>
+- entering group post-auth {...}<br>
++[exec] returns noop<br>
Sending Access-Accept of id 115 to 127.0.0.1 port 55866<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 115 with timestamp +34<br>
Ready to process requests.<br>
<br>
<u><b>When I do the test using mschap radtest -t is when the key is
erroneous</b></u><br>
<i>radtest -t mschap gwilliam 1qazxsw23edc@ localhost 0 testing123</i><br>
<br>
rad_recv: Access-Request packet from host 127.0.0.1 port 37155,
id=130, length=116<br>
User-Name = "gwilliam"<br>
NAS-IP-Address = 127.0.0.1<br>
NAS-Port = 0<br>
MS-CHAP-Challenge = 0xd85c0848bec6df72<br>
MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000d6f2f97947a122925fa9019e04b04834cc4857db4a4d359f<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130<br>
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130<br>
[auth_log] expand: %t -> Wed Nov 30 17:07:09 2011<br>
++[auth_log] returns ok<br>
++[chap] returns noop<br>
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<br>
++[mschap] returns ok<br>
++? if (!control:Auth-Type && User-Password)<br>
? Evaluating !(control:Auth-Type ) -> FALSE<br>
? Skipping (User-Password)<br>
++? if (!control:Auth-Type && User-Password) -> FALSE<br>
<b>[ntlm_auth] expand: --username=%{mschap:User-Name} ->
--username=gwilliam<br>
[ntlm_auth] expand: --password=%{User-Password} ->
--password=<br>
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password
(0xc000006a)<br>
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong
Password (0xc000006a)<br>
Exec-Program: returned: 1<br>
++[ntlm_auth] returns reject</b><br>
Using Post-Auth-Type Reject<br>
# Executing group from file /etc/freeradius/sites-enabled/default<br>
+- entering group REJECT {...}<br>
[attr_filter.access_reject] expand: %{User-Name} -> gwilliam<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 1 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 1<br>
Sending Access-Reject of id 130 to 127.0.0.1 port 37155<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 1 ID 130 with timestamp +122<br>
Ready to process requests.<br>
<br>
My samba version is 3.5.8, my OS is Ubuntu server version 11.04.<br>
Thanks for your help.<br>
<br>
<br>
<br>
<br>
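<p>Added example, not part of the original message: the second debug trace shows an Access-Request that carries MS-CHAP-Challenge and MS-CHAP-Response but no User-Password, which is why <code>--password=%{User-Password}</code> expands to an empty value. This Python sketch decodes the two attribute values from that trace and builds the ntlm_auth arguments that match what the packet actually contains; the function names are illustrative.</p>

```python
# Added example: attribute values copied from the MS-CHAP Access-Request
# in the debug output above (the zero run is the 24-byte LM-Response).
REQUEST = {
    "User-Name": "gwilliam",
    "MS-CHAP-Challenge": "0xd85c0848bec6df72",
    "MS-CHAP-Response": "0x0001" + "00" * 24
    + "d6f2f97947a122925fa9019e04b04834cc4857db4a4d359f",
}


def unhex(value):
    """Decode a 0x-prefixed attribute value as printed by the debug log."""
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)


def parse_mschap_response(value):
    """Split an MS-CHAP-Response (RFC 2548) into its four fields."""
    raw = unhex(value)
    if len(raw) != 50:
        raise ValueError("MS-CHAP-Response must be 50 bytes, got " + str(len(raw)))
    return {
        "ident": raw[0],
        "flags": raw[1],            # 1 means: use NT-Response, not LM-Response
        "lm_response": raw[2:26],
        "nt_response": raw[26:50],
    }


def password_expansion_is_empty(attrs):
    """True when the request has MS-CHAP data but no User-Password attribute,
    so a --password=%{User-Password} argument expands to '--password='."""
    return "MS-CHAP-Response" in attrs and "User-Password" not in attrs


def ntlm_auth_args(attrs):
    """Arguments carrying what the packet really contains: ntlm_auth accepts
    the challenge and NT-Response as hex instead of a cleartext password."""
    fields = parse_mschap_response(attrs["MS-CHAP-Response"])
    return [
        "--request-nt-key",
        "--username=" + attrs["User-Name"],
        "--challenge=" + unhex(attrs["MS-CHAP-Challenge"]).hex(),
        "--nt-response=" + fields["nt_response"].hex(),
    ]


if __name__ == "__main__":
    print("empty --password expansion:", password_expansion_is_empty(REQUEST))
    print("ntlm_auth", " ".join(ntlm_auth_args(REQUEST)))
```

<p>In FreeRADIUS the same two values are available to the mschap module as <code>%{mschap:Challenge}</code> and <code>%{mschap:NT-Response}</code>.</p>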
</body>
</html>