802.1x machine authentication patch help

Jamie Crawford crawford at cmsu1.cmsu.edu
Fri Nov 18 17:49:26 CET 2005


Hi,
I am trying to get machine authentication working with freeradius.  I
have patched the samba code and freeradius code.  But am getting this
error when the machine tries to authenticate.  I patched the rlm_chap
module by taking last nights cvs snapshot and copying over the rlm_chap
folder overwriting the contents of the same folder in the
freeradius-1.0.5 release and recompiling.  I see that it is trying to
pass the username as "host/IS--000031176".  I thought the updated
rlm_mschap was suppposed to strip the "host/" part of the username.  Do
I need to create a realm to strip the "host/"?
Any help would be appreciated!!!
Thanks,
jamie


make clean

./configure --configure --with-raddbdir=/etc/radius
--with-logdir=/var/log/radius --disable-snmp --without-rlm_sql
--without-rlm_ldap --without-rlm_krb5

make

make install

modcall: entering group Auth-Type for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for host/IS--000031176 with
NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: d3
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat:  '/usr/bin/ntlm_auth --domain= --request-nt-key
--username=host/IS--000031176 --challenge=ba9273ce0768615e
--nt-response=fd385f1011a2f799b5d62e04ba                                
             d8bb39719fa48c3d11299e'
Exec-Program: /usr/bin/ntlm_auth --domain= --request-nt-key
--username=host/IS--000031176 --challenge=ba9273ce0768615e
--nt-response=fd385f1011a2f799b5d62e04bad8bb39719fa48c3d11299e
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.




More information about the Freeradius-Users mailing list