<div>Hi,</div><div>I have been unable to get a PEAP user to work, but I was able to get a TLS User to work.</div><div>It keeps on failing for MSCHAP. I tried to change the mschap module settings but this made no difference.</div>
<div>I am currently using samba 3.5 with active directory. Does my ntlm_auth path look correct?</div><div>Thanks for every ones help,</div><div>Scott</div><div><br></div><div><br></div><div>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>#ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%mschap:NT-domain}:-SQA.net} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</div>
<div>}</div><div><br></div><br><div class="gmail_quote">On Mon, May 14, 2012 at 1:55 PM, James J J Hooper [via FreeRadius] <span dir="ltr"><<a href="/user/SendEmail.jtp?type=node&node=5710144&i=0" target="_top" rel="nofollow" link="external">[hidden email]</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 11/05/2012 13:35, Phil Mayers wrote:
<div><div class='shrinkable-quote'><br>> On 11/05/12 13:10, sgilmour wrote:
<br>>
<br>>> --nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24
<br>>> Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied
<br>>> (0xc0000022)
<br>>> Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access
<br>>> denied (0xc0000022)
<br>>> Fri May 11 08:08:13 2012 : Debug: Exec-Program: returned: 1
<br>>> Fri May 11 08:08:13 2012 : Info: [mschap] External script failed.
<br>>> Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is
<br>>> incorrect
<br>>
<br>>
<br>> The "ntlm_auth" helper is returning errors. Try the command from the CLI
<br>> and examine the output. Check the permissions on the winbind socket
<br>> (google for details) and SELinux contexts, if applicable.
</div></div>AD can return 0xc0000022 when for example the domain controller
<br>ntlm_auth/winbind is talking to can not contact the PDC. If you are
<br>continuing to have issues, and have completed Phil's suggestions, check
<br>the logs on your domain controllers for anomalies.
<br><br>-James
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" rel="nofollow" link="external" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
<hr noshade size="1" color="#cccccc">
<div style="color:#444;font:12px tahoma,geneva,helvetica,arial,sans-serif">
<div style="font-weight:bold">If you reply to this email, your message will be added to the discussion below:</div>
<a href="http://freeradius.1045715.n5.nabble.com/MSCHAP-Errors-tp5702886p5709347.html" target="_blank" rel="nofollow" link="external">http://freeradius.1045715.n5.nabble.com/MSCHAP-Errors-tp5702886p5709347.html</a>
</div>
<div style="color:#666;font:11px tahoma,geneva,helvetica,arial,sans-serif;margin-top:.4em;line-height:1.5em">
To unsubscribe from MSCHAP Errors, <a href="" target="_blank" rel="nofollow" link="external">click here</a>.<br>
<a href="http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml" rel="nofollow" style="font:9px serif" target="_blank" link="external">NAML</a>
</div></blockquote></div><br><br clear="all"><div><br></div><br>
<br/><hr align="left" width="300" />
View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/MSCHAP-Errors-tp5702886p5710144.html">Re: MSCHAP Errors</a><br/>
Sent from the <a href="http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html">FreeRadius - User mailing list archive</a> at Nabble.com.<br/>