ntlm_auth - rlm_mschap: No User-Password configured. Cannot create NT-Password.

Peter de Groot peter.de.groot at det.wa.edu.au
Fri Jul 14 06:15:41 CEST 2006


> Peter de Groot <peter.de.groot at det.wa.edu.au> wrote:
>> > I am trying to authenticate against a different domain than the
>> > samba server is joined to.. should be ok ??
> 
>   Probably not.
> 
>> > [root at curric4182-05 raddb]# ntlm_auth --request-nt-key
>> > --domain=admin4182 --username=e2052982
>> > password:
>> > NT_STATUS_OK: Success (0x0)
> 
>   That's nice, but it's not what the server is doing:
> 
>> > radius_xlat:  '/usr/bin/ntlm_auth --request-nt-key --username=e2052982
>> > --domain=ADMIN4182 --challenge=7801a84637ef5c68
>> > --nt-response=4f77faa8137d60ae186c5f910fea83f936dbd827ac54f757'
> 
>   What happens when you run the above command from the command line?
> 
>   Alan DeKok.
> 

Thanks for the reply .... I re-ran the connect and then copy and pasted onto
the command line from the (radiusd -X ) log..

[root at curric4182-05 raddb]#
[root at curric4182-05 raddb]#
[root at curric4182-05 raddb]# /usr/bin/ntlm_auth --request-nt-key --username=e2052982 --domain=ADMIN4182 --challenge=6151ad29f27eff47 
  --nt-response=01e42eabc464bf9915883d804457069d4702d95534ce4d53
Logon failure (0xc000006d)
[root at curric4182-05 raddb]#
[root at curric4182-05 raddb]#

Not good. :-(  .. but they do give me the domain option .. so it "should" be ok. ?

.
.
.

Sorry ... couple more idiot (newbie) questions  ....

I am using PEAP with MSCHAPv2 .. and (I think) according to the how-tos .. I do NOT need
ANY certificate(s) on the client PC... Is this correct ??.... or, if not .. which certificate(s) are
REQUIRED on the PC... ??  I am using tinyCA with the OID extra bits for the XP extensions.
Is this an error in the following certificate stuff ??

.
.
.

rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0927], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
.
.
.
.
Is the following significant ... ?? It seems to say it cannot create the password ??

modcall: entering group MS-CHAP for request 7
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for e2052982 with NT-Password



Thanks


Peter de Groot
Windows Re-Installation Engineer
Eastern Goldfields College
Ph  08) 90801800  Fax 08) 90801866 Mob  0418915312
http://egshs.wa.edu.au






