<span style="font-family: Arial; font-size: 13px;">Hi again.<br><br>I have one last Problem.<br>I hope i don´t bug you.<br><br>The mschapv2 challange fails.<br><span id="text-body-displayed">--domain=%{mschap:NT-Domain} doesn´t change the result.</span><br><br>[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel<br>[mschapv2] +- entering group MS-CHAP {...}<br>[mschap] Creating challenge hash with username: hausmeister@oblan<br>[mschap] Told to do MS-CHAPv2 for hausmeister@oblan with NT-Password<br>[mschap] expand: %{Stripped-User-Name} -> hausmeister<br>[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=hausmeister<br>[mschap] Creating challenge hash with username: hausmeister@oblan<br>[mschap] expand: %{mschap:Challenge} -> fffc6d74f50463ee<br>[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=fffc6d74f50463ee<br>[mschap] expand: %{mschap:NT-Response} -> 46ced655ef1738b05dad84aaa9fea60fc7cfa22f9c6c563b<br>[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=46ced655ef1738b05dad84aaa9fea60fc7cfa22f9c6c563b<br>Exec-Program output: Reading winbind reply failed! (0xc0000001)<br>Exec-Program-Wait: plaintext: Reading winbind reply failed! (0xc0000001)<br>Exec-Program: returned: 1<br>[mschap] External script failed.<br>[mschap] FAILED: MS-CHAP2-Response is incorrect<br>++[mschap] returns reject<br><br>NTLM_AUTH works:<br>haus-meister@KRATOS:~$ ntlm_auth --request-nt-key --username=hausmeister --domain=OBLAN<br>Password:<br>NT_STATUS_OK: Success (0x0)<br><br>Winbind gives me a list of all AD Users with wbinfo -u.<br>So im pretty sure i still have a mistake in the modules/mschap i´ve tried a couple of things but nothing worked...<br><br>Also i have another question:<br>Is there a way to tell the clients (especially iOS/Android) that they have to use a Proxy-Server (e.g 192.168.1.254:3128)<br>so that the Useres must not do that?<br><br>Thanks again!<br><br>-- <br>
Mit freundlichem Gruß<br>
Nicolas Fischer<br>
<br>
email: nfischer@hush.com<br>
jabber: jagger@jabber.ccc.de<br>
tel: 01573-0420888<br>
Skype: jagger64<br>
TOX: Just ask me :)<br>
<br>
PGP-Key:<br>
<a href="http://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0xCF5E6AD15A5B6132">http://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0xCF5E6AD15A5B6132</a><br>
If you sent me a PGP Crypted Mail I´ll be happy and will give you a free cookie :)</span>