ntlm_auth - rlm_mschap: No User-Password configured. Cannot create NT-Password.
Peter de Groot
peter.de.groot at det.wa.edu.au
Mon Jul 17 03:54:05 CEST 2006
Tx for the reply.....
Am cross posting to the samba list ....
Can you tell me how to create the challenge and response stuff .... I
can then test it outside of radius....
I can then check agains both domains.....
Please humour another query ... how do I test to see if I have the XP
extensions in the certificates ..
It is beginning to look that I am going to have to go down that road...
Bummer .. the users are
going to love that .. NOT. More work for me :-(
TIA
Peter
Peter de Groot
Windows Re-Installation Engineer
Eastern Goldfields College
Ph 08) 90801800 Fax 08) 90801866 Mob 0418915312
http://egshs.wa.edu.au
Phil Mayers wrote:
>
>>
>> [root at curric4182-05 raddb]#
>> [root at curric4182-05 raddb]#
>> [root at curric4182-05 raddb]# /usr/bin/ntlm_auth --request-nt-key --
>> username=e2052982 --domain=ADMIN4182 --challenge=6151ad29f27eff47 --
>> nt-response=01e42eabc464bf9915883d804457069d4702d95534ce4d53
>> Logon failure (0xc000006d)
>> [root at curric4182-05 raddb]#
>> [root at curric4182-05 raddb]#
>>
>> Not good. :-( .. but they do give me the domain option .. so it
>> "should" be ok. ?
>
> Try asking on the Samba lists. Also, check the event logs on the other
> domain - it might be that you don't have the relevant options enabled
> or permissions set to do inter-domain mschap (I don't know what, if
> any, options you need)
>
>>
>> .
>> .
>> .
>>
>> Sorry ... couple more idiot (newbie) questions ....
>>
>> I am using PEAP with MSCHAPv2 .. and (I think) according to the how-
>> tos .. I do NOT need
>> ANY certificate(s) on the client PC... Is this correct ??.... or, if not
>
> Correct
>
>> .. which certificate(s) are
>> REQUIRED on the PC... ?? I am using tinyCA with the OID extra bits
>> for the XP extensions.
>> Is this an error in the following certficate stuff ??
>>
>
> ignore that
>
>> .
>> .
>> .
>> IS the following significant ... ?? It seems to say it cannot create
>> the password ??
>>
>> modcall: entering group MS-CHAP for request 7
>> rlm_mschap: No User-Password configured. Cannot create LM-Password.
>> rlm_mschap: No User-Password configured. Cannot create NT-Password.
>> rlm_mschap: Told to do MS-CHAPv2 for e2052982 with NT-Password
>
> ignore that, since you're using ntlm_auth it's irrelevant
> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
More information about the Freeradius-Users
mailing list