problems authenticating
Alan DeKok
aland at ox.org
Mon Jul 11 23:26:54 CEST 2005
jck-freeradius at southwestern.edu wrote:
> rlm_mschap: Told to do MS-CHAPv2 for johnk with NT-Password
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
That's pretty definitive.
> My thoughts are that SQL and MSCHAP should be in the authorization section,
> and MSCHAP and EAP should be in authentication.
"eap" should be in the "authorize" section, too. That's the way the
server comnes configured.
> I am storing NTLM passwords in my SQL server.
...
> | 1490 | johnk | User-Password | == | 0393A990E3426721695109AB020K4E1C:FBFR81520C5BDDENOTREALPASSWORD33 |
No, you're not.
You're telling the server that the clear-text password is a hex
string, which it's not.
If you want to store the NT-hashed passwords in SQL, use the
"NT-Password" attribute, and ensure that the value is 32 bytes of hex
data.
But before you do that, I would STRONGLY suggest storing a simple
clear-text password in SQL, like "test". Verify that it works, and
THEN start storing NT password.
By trying to configure 3 things at the same time, you guarantee that
you can't possible figure out which one of the three is failing.
Alan DeKok.
More information about the Freeradius-Users
mailing list