hi guys, someone can help me do find my mistakes on freeradius configuration to use ad? I have tried following this howto: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO but still not working. output: radiusd -X -A -y -z > output.log tks a lot ############################################################## Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc//raddb/proxy.conf Config: including file: /etc//raddb/clients.conf Config: including file: /etc//raddb/snmp.conf Config: including file: /etc//raddb/eap.conf Config: including file: /etc//raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc//raddb/certs/cert-srv.pem" tls: certificate_file = "/etc//raddb/certs/cert-srv.pem" tls: CA_file = "/etc//raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc//raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc//raddb/huntgroups" preprocess: hints = "/etc//raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc//raddb/users" files: acctusersfile = "/etc//raddb/acct_users" files: preproxy_usersfile = "/etc//raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.134.64.199:1124, id=220, length=114 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020100110152454641505c646164666839 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 Message-Authenticator = 0x10edbda09bf5ad2634790b585ee77e6f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 220 to 10.134.64.199 port 1124 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0547bc9804181b086d78b1affb7fbc3d Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1125, id=221, length=195 User-Name = "REFAP\\dadfh9" EAP-Message = 0x0202005019800000004616030100410100003d030146c498cadf74708ca364202e238eb621ae25ade0d60009aebe42d9b5a1788b0a00001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x0547bc9804181b086d78b1affb7fbc3d Message-Authenticator = 0x0f22f00bada993fef6ace812e44a6dfb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 221 to 10.134.64.199 port 1125 EAP-Message = 0x0103040a19c0000006f1160301004a02000046030146c498c33c60d9d5c6d2609dc6ad99eb1cf44d784f2cb41e7a20c876f88e050d20767a8a36142b15effe597fceb2950f1873dac58ba941dc84ec24f5bc2da905bd00040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xad39a9924ea34c48ba81df1b9597909c Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1126, id=221, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020300061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xad39a9924ea34c48ba81df1b9597909c Message-Authenticator = 0xb0b1b4f0951d52a69069c7f019527f2d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 2 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 221 to 10.134.64.199 port 1126 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8a51ae06d9b076f7e9b7bbdf6d5eca8f Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1127, id=222, length=307 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020400c01980000000b61603010086100000820080d6d46a03ab7f03b7be18bd8d45a86184cda7139d3a090f88675ee5f118be5760844d843d9c3595c88d1d498626e05da888e477f52d17af4716c6dc4f9fd60a11ad110c70559650b1916e0740ce566847ed6cf3a66ece088cc2f01c1ed772c96e5f24abcd74cac23cf8d48ffd12670d7044d0eb93e0680c289366cb2213e2e6b5140301000101160301002030fdd4773d57eb8dcb9369be1944d6a2bb5c2a2cb50510bc06c6661bed7dbbec NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x8a51ae06d9b076f7e9b7bbdf6d5eca8f Message-Authenticator = 0x298b47613260b38eabd0ffc57e7f8e4a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 3 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 222 to 10.134.64.199 port 1127 EAP-Message = 0x010500311900140301000101160301002056f3f4f739cb9e76fc01afea0195a00b816fe4f2bd24e7221ccf8b4a967a68cb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0444253ba479fbfbf901f4d8bcb32d47 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1128, id=223, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020500061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x0444253ba479fbfbf901f4d8bcb32d47 Message-Authenticator = 0xc679a26c6b5c0267b322be6515c9d0d9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 4 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 223 to 10.134.64.199 port 1128 EAP-Message = 0x0106002019001703010015354962399180c02243a32c73e8eb4f2b9600a2f9f4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf3c11e77fefbbf5940fb993ec7024830 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1129, id=224, length=155 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020600281900170301001d4f4cb413e8b0e10459cea531ef0d394a77a75d09516fb7a6c032e8d4b0 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xf3c11e77fefbbf5940fb993ec7024830 Message-Authenticator = 0x9ef411e68e0d45090dbd575d9def2976 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 40 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - REFAP\dadfh9 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of REFAP\dadfh9 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to REFAP\dadfh9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 224 to 10.134.64.199 port 1129 EAP-Message = 0x0107003d19001703010032c5cdeddacd7039a176732d645476da34835c3dc732c9d5532b46d17a612694c8e414353d631472d4490700dc4704c2061c6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1d0a23b2fd09844353a5a048369cfc56 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1130, id=224, length=209 User-Name = "REFAP\\dadfh9" EAP-Message = 0x0207005e19001703010053ef226f2bda8dffaefd810fa444187fa8dda658ebdc03ec6203de7eea7af63d0e1b283d62fd8193d714cda8fbf41968014dfa261f5ac3989fa7e1484289b8467c025b9733b747bf64c7f2b1b2e75bcea946932b NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x1d0a23b2fd09844353a5a048369cfc56 Message-Authenticator = 0xb79fc12d89e3ef40aecdbfb5f4b7e489 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 94 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to REFAP\dadfh9 PEAP: Adding old state with cf 5e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=REFAP' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=dadfh9' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 66 radius_xlat: '--challenge=bbb921f081d881b8' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=21b74dd6d8b98b9473e5740dcc949dc5def5c275189347ee' Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 224 to 10.134.64.199 port 1130 EAP-Message = 0x010800261900170301001bde8f99f3fa79bbbfda8907010ac92aea1d3e985a3f5cd62774a7e8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2b4b8901563d13ccf57c42ae6c588036 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1131, id=231, length=153 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020800261900170301001b0545d72e5be54bed8ee281ff589fa09fd4f3d15cd698d7d4c8455a NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x2b4b8901563d13ccf57c42ae6c588036 Message-Authenticator = 0x402f7be6c89809d2c6b1d195298877a5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070816 modcall[authorize]: module "auth_log" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 7 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1131, id=231, length=153 Sending Access-Reject of id 231 to 10.134.64.199 port 1131 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 220 with timestamp 46c498c3 Cleaning up request 1 ID 221 with timestamp 46c498c3 Cleaning up request 2 ID 221 with timestamp 46c498c3 Cleaning up request 3 ID 222 with timestamp 46c498c3 Cleaning up request 4 ID 223 with timestamp 46c498c3 Cleaning up request 5 ID 224 with timestamp 46c498c3 Cleaning up request 6 ID 224 with timestamp 46c498c3 Cleaning up request 7 ID 231 with timestamp 46c498c3 Nothing to do. Sleeping until we see a request. ############################################################## -- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed.
those are prolly the lines of interest, your ntlm_auth is failing. try it via the command line, once you get it working via the command line you'll have a MUCH better chance of it working in freeradius. hints are kinit -> get that working also get wbinfo -u listing your domain users.... Joe Vieira UNIX Systems Administrator Clark University
hi joe, see this: s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: [2007/08/17 07:35:26, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_OK: Success (0x0) s8860ru01:/etc# isn't means that ntlm_auth is working? On 8/16/07, Joe Vieira <jvieira@clarku.edu> wrote:
Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed.
those are prolly the lines of interest, your ntlm_auth is failing. try it via the command line, once you get it working via the command line you'll have a MUCH better chance of it working in freeradius.
hints are kinit -> get that working also get wbinfo -u listing your domain users....
Joe Vieira UNIX Systems Administrator Clark University
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
Hi,
hi joe, see this: s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: [2007/08/17 07:35:26, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_OK: Success (0x0) s8860ru01:/etc#
isn't means that ntlm_auth is working?
yes - when used with those commands.
On 8/16/07, Joe Vieira <jvieira@clarku.edu> wrote:
Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed.
this shows a login failure with ntlm_auth. check out the debug to see why. it could be that the username or domain is being passed incorrectly alan
tks alan! there is some way to force log show me what parameter it has passing to ntlm_auth bin? On 8/17/07, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
hi joe, see this: s8860ru01:/etc# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: [2007/08/17 07:35:26, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_OK: Success (0x0) s8860ru01:/etc#
isn't means that ntlm_auth is working?
yes - when used with those commands.
On 8/16/07, Joe Vieira <jvieira@clarku.edu> wrote:
Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed.
this shows a login failure with ntlm_auth. check out the debug to see why. it could be that the username or domain is being passed incorrectly
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
hi alan, when I captured log I was using "radiusd -X -A -y -z > output.log" another thing: I capture some pieces of output log: radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=REFAP' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=dadfh9' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: c6 radius_xlat: '--challenge=8fd10da49268b4b6' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1' and did another test: s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 --challenge=8fd10da49268b4b6 --nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1 Logon failure (0xc000006d) <-----logon error again s8860ru01:/tmp# s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: [2007/08/17 14:47:06, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_OK: Success (0x0) s8860ru01:/tmp# it's like wrong response or challenge ou some kind of hash. ps.: on output.log I saw this lines: mschap: with_ntdomain_hack = yes mschapv2: with_ntdomain_hack = no <----- this must be yes or not? preprocess: with_ntdomain_hack = no On 8/17/07, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
hi,
last time i checked i'm sure its printed in full debug mode :
radiusd -X
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
hi alan, enabling log_goodpass and log_badpass I took this lines: rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [REFAP\\dadfh9/<no User-Password attribute>] (from client localhost port 0) this means that ntlm_auth isn't receiving password parameter?? On 8/17/07, Alexsander <alexsander.rodrigues@gmail.com> wrote:
hi alan, when I captured log I was using "radiusd -X -A -y -z > output.log"
another thing: I capture some pieces of output log: radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=REFAP' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=dadfh9' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: c6 radius_xlat: '--challenge=8fd10da49268b4b6' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1'
and did another test:
s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 --challenge=8fd10da49268b4b6 --nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1 Logon failure (0xc000006d) <-----logon error again s8860ru01:/tmp# s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP --username=dadfh9 password: [2007/08/17 14:47:06, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_OK: Success (0x0) s8860ru01:/tmp#
it's like wrong response or challenge ou some kind of hash. ps.: on output.log I saw this lines: mschap: with_ntdomain_hack = yes mschapv2: with_ntdomain_hack = no <----- this must be yes or not? preprocess: with_ntdomain_hack = no
On 8/17/07, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
hi,
last time i checked i'm sure its printed in full debug mode :
radiusd -X
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alexsander A. Rodrigues
Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V.
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
-- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
Alexsander wrote:
hi alan, enabling log_goodpass and log_badpass I took this lines:
rlm_mschap: External script failed.
And right before that in the log it shows you WHAT script it's running, and WHY it failed. If you want to solve the problem, don't delete every piece of useful information from the logs you post to the list. The debug output shows you the ntlm_auth command that the server is running. Since it works when you run it from the command line, the obvious next step is to _compare_ the two. Then, if there are differences, make the BROKEN one more like the WORKING one. Alan DeKok.
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Alexsander -
Joe Vieira