<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Stefan,<br>
<br>
Thanks for the reply.<br>
<br>
I have already added that in my module.<br>
<br>
<small><tt>program = "/usr/bin/ntlm_auth --request-nt-key
--domain=mycompany.local --username=%{mschap:User-Name}
--password=%{User-Password}"</tt></small><br>
<br>
I am getting a valid response for<br>
<br>
<tt><span style="font-size:10.0pt">radtest -t mschap prashant
Active@123 localhost 0 testing123
</span></tt><span
style="font-size:10.0pt;font-family:'Courier New'"><br>
<br>
<big>-<br>
Prashant<br>
</big>
</span><br>
<div class="moz-cite-prefix">On Monday 16 June 2014 05:49 PM, Stefan
Paetow wrote:<br>
</div>
<blockquote cite="mid:C072996E0B81144DBB9426B44462540CE7B2FB@EXC001"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US">Well,
the message is very clear. There is no domain in the
username.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US">You
can either try to enter ‘DOMAIN\prashant’ (where DOMAIN is
the domain of your Active Directory) and let one of the
modules deal with it, or you can modify the ntlm_auth
command-line and specify it there. <o:p>
</o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US">Stefan<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:windowtext"
lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org">freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org</a>
[<a class="moz-txt-link-freetext" href="mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org">mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org</a>]
<b>On Behalf Of
</b>Prashant A<br>
<b>Sent:</b> 16 June 2014 13:06<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>;
<a class="moz-txt-link-abbreviated" href="mailto:dev1278977@gmail.com">dev1278977@gmail.com</a><br>
<b>Subject:</b> Freeradius with Active Directory<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi All,<br>
<br>
I have followed the guide for integrating freeradius with
active directory which is mentioned here,<br>
<br>
<a moz-do-not-send="true"
href="http://deployingradius.com/documents/configuration/active_directory.html">http://deployingradius.com/documents/configuration/active_directory.html</a><br>
<br>
So finally,<br>
<br>
<tt><span style="font-size:10.0pt">radtest -t mschap prashant
Active@123 localhost 0 testing123
</span></tt><span
style="font-size:10.0pt;font-family:'Courier New'"><br>
</span><br>
Gives me the following output<span
style="font-size:10.0pt;font-family:'Courier New'"><br>
<br>
<tt>Sending Access-Request Id 40 from 0.0.0.0:54825 to
127.0.0.1:1812</tt><br>
<tt> User-Name = 'prashant'</tt><br>
<tt> NAS-IP-Address = 127.0.1.1</tt><br>
<tt> NAS-Port = 0</tt><br>
<tt> Message-Authenticator = 0x00</tt><br>
<tt> MS-CHAP-Challenge = 0x42b125cb7f6408b4</tt><br>
<tt> MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392</tt><br>
<tt>Received Access-Accept Id 40 from 127.0.0.1:1812 to
127.0.0.1:54825 length 84</tt><br>
<tt> MS-CHAP-MPPE-Keys = 0x</tt><br>
<tt> MS-MPPE-Encryption-Policy = Encryption-Allowed</tt><br>
<tt> MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</tt><br>
</span><br>
But when I try to log in from the webpage I am getting the following
response<span
style="font-size:10.0pt;font-family:'Courier New'"><br>
<br>
<tt>(0) mschap : Client is using MS-CHAPv2</tt><br>
<tt>(0) mschap : Executing: /usr/bin/ntlm_auth
--request-nt-key --username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-mycompany.local}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}</tt><br>
<tt>(0) mschap : EXPAND --username=%{mschap:User-Name:-None}</tt><br>
<tt>(0) mschap : --> --username=prashant</tt><br>
<tt>(0)<b> ERROR: mschap : No NT-Domain was found in the
User-Name</b></tt><br>
<tt>(0) mschap : EXPAND
--domain=%{%{mschap:NT-Domain}:-mycompany.local}</tt><br>
<tt>(0) mschap : --> --domain=mycompany.local</tt><br>
<tt>(0) mschap : Creating challenge hash with username:
prashant</tt><br>
<tt>(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}</tt><br>
<tt>(0) mschap : --> --challenge=e5d49180d36eb904</tt><br>
<tt>(0) mschap : EXPAND
--nt-response=%{mschap:NT-Response:-00}</tt><br>
<tt><b>(0) mschap : -->
--nt-response=0000000e0000000000000000000000000000000000000000</b></tt><b><br>
<tt>(0) ERROR: mschap : Program returned code (1) and
output 'Logon failure (0xc000006d)'</tt></b><br>
<tt>(0) mschap : External script failed.</tt><br>
<tt>(0) ERROR: mschap : External script says: Logon failure
(0xc000006d)</tt><br>
<tt>(0) ERROR: mschap : MS-CHAP2-Response is incorrect</tt><br>
<tt>(0) [mschap] = reject</tt><br>
<tt>(0) } # Auth-Type MS-CHAP = reject</tt><br>
<br>
</span>Can somebody help me to understand what exactly the
issue is? I am using FreeRADIUS Version 3.0.3 and Samba version
3.6.3.<br>
<br>
Thanks &amp; Regards,<br>
Prashant<o:p></o:p></p>
</div>
</blockquote>
<br>
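<p>An added example, not part of the original messages or of FreeRADIUS: a Python triage of the mschap debug lines quoted in this thread. It collects the expanded ntlm_auth arguments and flags what is visible in that output; the function name, the finding labels and the zero-byte threshold are assumptions of this example.</p>

```python
import re

# Debug lines as quoted in the thread above (whitespace normalised).
SAMPLE = """\
(0) mschap : Client is using MS-CHAPv2
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap : --> --username=prashant
(0) ERROR: mschap : No NT-Domain was found in the User-Name
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap : --> --domain=mycompany.local
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap : --> --challenge=e5d49180d36eb904
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
(0) mschap : --> --nt-response=0000000e0000000000000000000000000000000000000000
(0) ERROR: mschap : Program returned code (1) and output 'Logon failure (0xc000006d)'
"""

# "-->" lines carry the value each %{...} expansion produced.
EXPANDED = re.compile(r"mschap\s*:\s*-->\s*--([a-z-]+)=(\S+)")
EXIT = re.compile(r"Program returned code \((\d+)\) and output '([^']*)'")
ZERO_BYTES_SUSPICIOUS = 20  # assumed threshold, out of 24 bytes

def triage(log):
    """Return (expanded ntlm_auth arguments, list of findings)."""
    args, findings = {}, []
    for line in log.splitlines():
        m = EXPANDED.search(line)
        if m:
            args[m.group(1)] = m.group(2)
        if "No NT-Domain was found" in line:
            findings.append("no-domain-in-username")
        m = EXIT.search(line)
        if m and m.group(1) != "0":
            findings.append("ntlm_auth-failed: " + m.group(2))
    try:
        raw = bytes.fromhex(args.get("nt-response", ""))
    except ValueError:
        raw = b""
    if len(raw) != 24:
        findings.append("nt-response-bad-length")
    elif raw.count(0) >= ZERO_BYTES_SUSPICIOUS:
        # A computed NT-Response is three DES blocks and looks random;
        # a nearly all-zero value means the client never computed one.
        findings.append("nt-response-mostly-zero")
    if len(args.get("challenge", "")) != 16:  # 8-byte challenge, hex
        findings.append("challenge-bad-length")
    return args, findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```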
</body>
</html>