Ntlm_auth Help

James J J Hooper jjj.hooper at bristol.ac.uk
Thu Aug 24 22:39:27 CEST 2006

On 24 Aug 2006, at 21:24, King, Michael wrote:

> I'm building a new radius server.  I'm copying an existing one.
> I'm getting the following error from freeRADIUS when I run it -x
> (FreeRADIUS 1.1.3)
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=mking
> --challenge=46b51a98d607a3a9 --nt-response=
> hex decode of  failed! (only got 0 bytes)
             ^^^^^^^^ = of .... nothing because you have got --nt- 
response= nothing. So decoding nothing doesn't work.

> Of course, if I run it via the command line, it works flawlessly.
> rad2:/etc/freeradius# ntlm_auth --username=mking
> password:
> NT_STATUS_OK: Success (0x0)
So ntlm_auth can talk to winbind, ...which can talk to the domain.  
The problem is the cranky parameter --nt-response above.

> I've copied the ntlm_auth line from my working radius server (which is
> on 1.0.1, hence the reason I'm upgrading)
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
> --nt-response=%{mschap:NT-Response)"
You seem to have the wrong variety of bracket here!?? This may be the  
reason --nt-response is being set to nul, and hence the above error.


James J J Hooper
Information Services
University of Bristol

More information about the Freeradius-Users mailing list