[Was: Problem with rlm_mschap from CVS] rlm_mschap: Unknown expansion string

Luca Corti cortez at tiscali.it
Tue Nov 15 11:07:31 CET 2005


Hello,

I've checked out the exec.c fixes, but now there seem to be problems
with variables passwed to ntlm_auth.

  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 30
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for myuser with NT-Password
radius_xlat:  '--username=myuser'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge:-00'
  rlm_mschap: Unknown expansion string "Challenge:-00"
radius_xlat:  '--challenge='
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response:-00'
  rlm_mschap: Unknown expansion string "NT-Response:-00"
radius_xlat:  '--nt-response='
hex decode of  failed! (only got 0 bytes)
Exec-Program output:
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 30
modcall: leaving group MS-CHAP (returns reject) for request 30
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 30
modcall: leaving group authenticate (returns reject) for request 30
auth: Failed to validate the user.
  PEAP: Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\006E=691 R=1"
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 0x813a1d0 3
        MS-CHAP-Error = "\006E=691 R=1"
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE

Here is my ntlm_auth configuration:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username={Stripped-User-Name:-%{User-Name:-None}}
--challenge={mschap:Challenge:-00}
--nt-response={mschap:NT-Response:-00}"


thanks

-- 
Luca Corti
PGP Key ID 1F38C091
BOFH excuse of the moment:
The keyboard isn't plugged in





More information about the Freeradius-Users mailing list