EAP (PEAP)+ntlm_auth doesn't send password by it self
Good morning fellas, After several unsuccessful attempts I could install Freeradius with OpenSSL support for do ntlm_auth for the users with Active Directory integration. The problem is, when the windows xp machine try to connect to the wireless network, Freeradius (or windows xp machine, reallly dont know) doesn't fill the password field like user-name does. So, Any one knows why it is happening? Because for this reason I get the error in the auithentication (Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) ) Listening on authentication address * port 1645 Listening on accounting address * port 1646 Listening on proxy address * port 1647 Ready to process requests. rad_recv: Access-Request packet from host "AP's IP" port 1645, id=76, length=181 User-Name = "MYDOMAIN\\ortegaca" Framed-MTU = 1400 Called-Station-Id = "0015.62c8.75d0" Calling-Station-Id = "001f.3c2d.78d6" Cisco-AVPair = "ssid=radiusd" Service-Type = Login-User Message-Authenticator = 0x3408edc72d37acf533d28f0b24f43f81 EAP-Message = 0x02020017015044565341323030305c6f72746567616361 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "3259" NAS-Port = 3259 NAS-IP-Address = "AP's IP" NAS-Identifier = "ap" +- entering group authorize {...} [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=ortegaca [ntlm_auth] expand: --password=%{User-Password} -> --password= Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) Exec-Program: returned: 1 ++[ntlm_auth] returns reject Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> PDVSA2000\ortegaca attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.7 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 76 to "AP's IP" port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 76 with timestamp +17 Ready to process requests. Thanks in advance, Cesar _________________________________________________________________ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
Hi,
After several unsuccessful attempts I could install Freeradius with OpenSSL support for do ntlm_auth for the users with Active Directory integration. The problem is, when the windows xp machine try to connect to the wireless network, Freeradius (or windows xp machine, reallly dont know) doesn't fill the password field like user-name does. So, Any one knows why it is happening? Because for this reason I get the error in the auithentication (Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
windows machine isnt sending the password - but then again, its not expecting to. challenge repsonse is the order of the day.
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) )
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=ortegaca [ntlm_auth] expand: --password=%{User-Password} -> --password=
no User-Password in the packet sent in the 802.1X - therefore there is nothing there the default arguments for this (ntlm) are --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" what happens if you use this? alan
participants (2)
-
Alan Buxey -
Cesar Ortega