Firstly I am new to FreeRadius and am configuring my first radius server to talk to our Windows 2003 AD.
I have intalled and configured FreeRadius 2.1.8 to talk to the AD as documented in various tutorials on the internet.
Initially I had configured the connection between the Freeradius server and our Windows 2003 Active directory using ntlm_auth.
Using the command line
ntlm_auth –-request-nt-key –-domain=<your domain> –-username= <your username>
comes back with
NT_STATUS_OK : Success (0x0)
Which is what i would expect as a valid username and password.
Now when I go to the next step and enable this in /etc/raddb/modules/mschap
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username==%{%{Stripped-User-Name}:-%{User-Name:-None}} --domain=%{%{mschap:NT-Domain}:-OURDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Our active directory server does comes back with an error. When I look at the server log on our AD it shows
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 17/03/2010
Time: 13:35:51
User: NT AUTHORITY\SYSTEM
Computer: DCB
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: =<radius_user>
Source Workstation: \\<radius_server>
Error Code: 0xC0000064
When I google the windows error code I get
Error code: 0xC0000064 - This error code can occur if a server is configured to Require NTLMv2 Session Security and the client either is configured to not use it or is unable to negotiate it (e.g., Altiris DOS network boot stuff).
I know our server is configured for NTLMv2 and not V1.
Any ideas on how I can resolve this issue ?
I cannot understand why running the command works and using the line in MSCHAP fails ?