<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi Stefan,<br>
    <br>
    Thanks for the reply.<br>
    <br>
    I have already added that in my module.<br>
    <br>
    <small><tt>program = "/usr/bin/ntlm_auth --request-nt-key
        --domain=mycompany.local --username=%{mschap:User-Name}
        --password=%{User-Password}"</tt></small><br>
    <br>
    I am getting valid response for <br>
    <br>
    <tt><span style="font-size:10.0pt">radtest -t mschap prashant
        Active@123 localhost 0 testing123
      </span></tt><span
      style="font-size:10.0pt;font-family:"Courier New""><br>
      <br>
      <big>-<br>
        Prashant<br>
      </big>
    </span><br>
    <div class="moz-cite-prefix">On Monday 16 June 2014 05:49 PM, Stefan
      Paetow wrote:<br>
    </div>
    <blockquote cite="mid:C072996E0B81144DBB9426B44462540CE7B2FB@EXC001"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
tt
        {mso-style-priority:99;
        font-family:"Courier New";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US">Well,
            the message is very clear. There is no domain in the
            username.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US">You
            can either try to enter ‘DOMAIN\prashant’ (where DOMAIN is
            the domain of your Active Directory) and let one of the
            modules deal with it, or you can modify the ntlm_auth
            command-line and specify it there. <o:p>
            </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US">Stefan<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #E1E1E1
            1.0pt;padding:3.0pt 0cm 0cm 0cm">
            <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext"
                  lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext"
                lang="EN-US">
                <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org">freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org</a>
                [<a class="moz-txt-link-freetext" href="mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org">mailto:freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org</a>]
                <b>On Behalf Of
                </b>Prashant A<br>
                <b>Sent:</b> 16 June 2014 13:06<br>
                <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>;
                <a class="moz-txt-link-abbreviated" href="mailto:dev1278977@gmail.com">dev1278977@gmail.com</a><br>
                <b>Subject:</b> Freeradius with Active Directory<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Hi All,<br>
          <br>
          I have followed the guide for integrating freeradius with
          active directory which is mentioned here,<br>
          <br>
          <a moz-do-not-send="true"
href="http://deployingradius.com/documents/configuration/active_directory.html">http://deployingradius.com/documents/configuration/active_directory.html</a><br>
          <br>
          So finally,<br>
          <br>
          <tt><span style="font-size:10.0pt">radtest -t mschap prashant
              Active@123 localhost 0 testing123
            </span></tt><span
            style="font-size:10.0pt;font-family:"Courier New""><br>
          </span><br>
          Gives me following output<span
            style="font-size:10.0pt;font-family:"Courier New""><br>
            <br>
            <tt>Sending Access-Request Id 40 from 0.0.0.0:54825 to
              127.0.0.1:1812</tt><br>
            <tt>    User-Name = 'prashant'</tt><br>
            <tt>    NAS-IP-Address = 127.0.1.1</tt><br>
            <tt>    NAS-Port = 0</tt><br>
            <tt>    Message-Authenticator = 0x00</tt><br>
            <tt>    MS-CHAP-Challenge = 0x42b125cb7f6408b4</tt><br>
            <tt>    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392</tt><br>
            <tt>Received Access-Accept Id 40 from 127.0.0.1:1812 to
              127.0.0.1:54825 length 84</tt><br>
            <tt>    MS-CHAP-MPPE-Keys = 0x</tt><br>
            <tt>    MS-MPPE-Encryption-Policy = Encryption-Allowed</tt><br>
            <tt>    MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</tt><br>
          </span><br>
          But when I try to login from webpage I am getting following
          response<span
            style="font-size:10.0pt;font-family:"Courier New""><br>
            <br>
            <tt>(0) mschap : Client is using MS-CHAPv2</tt><br>
            <tt>(0) mschap : Executing: /usr/bin/ntlm_auth
              --request-nt-key --username=%{mschap:User-Name:-None}
              --domain=%{%{mschap:NT-Domain}:-mycompany.local}
              --challenge=%{mschap:Challenge:-00}
              --nt-response=%{mschap:NT-Response:-00}</tt><br>
            <tt>(0) mschap : EXPAND --username=%{mschap:User-Name:-None}</tt><br>
            <tt>(0) mschap :    --> --username=prashant</tt><br>
            <tt>(0)<b> ERROR: mschap : No NT-Domain was found in the
                User-Name</b></tt><br>
            <tt>(0) mschap : EXPAND
              --domain=%{%{mschap:NT-Domain}:-mycompany.local}</tt><br>
            <tt>(0) mschap :    --> --domain=mycompany.local</tt><br>
            <tt>(0) mschap : Creating challenge hash with username:
              prashant</tt><br>
            <tt>(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}</tt><br>
            <tt>(0) mschap :    --> --challenge=e5d49180d36eb904</tt><br>
            <tt>(0) mschap : EXPAND
              --nt-response=%{mschap:NT-Response:-00}</tt><br>
            <tt><b>(0) mschap :    -->
                --nt-response=0000000e0000000000000000000000000000000000000000</b></tt><b><br>
              <tt>(0) ERROR: mschap : Program returned code (1) and
                output 'Logon failure (0xc000006d)'</tt></b><br>
            <tt>(0) mschap : External script failed.</tt><br>
            <tt>(0) ERROR: mschap : External script says: Logon failure
              (0xc000006d)</tt><br>
            <tt>(0) ERROR: mschap : MS-CHAP2-Response is incorrect</tt><br>
            <tt>(0)   [mschap] = reject</tt><br>
            <tt>(0)  } # Auth-Type MS-CHAP = reject</tt><br>
            <br>
          </span>Can somebody help me to understand what exactly the
          issue. I am using FreeRADIUS Version 3.0.3 and Samba version
          3.6.3.<br>
          <br>
          Thanks & Regards,<br>
          Prashant<o:p></o:p></p>
      </div>
      <pre>Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
    </blockquote>
    <br>
  </body>
</html>