Active directory and MS-CHAP Authentication.
Antonio Matera
antonio.matera at create-net.it
Tue May 9 17:20:56 CEST 2006
Hi, I have a problem with the authentication of active directory users
on freeradius.
I correctly set up samba and kerberos and if I write:
# ntlm_auth --request-nt-key --domain=mydomain --username=myuser
if I insert the correct password I receive the authentication ok.
My problem is to configure the mschap module on freeradius. My mschap
config is:
mschap {
auth-type = MS-CHAP
with_ntdomain_hack = yes
ntlm_auth ="/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
If I insert in the users file "DEFAULT Auth-Type := MS-CHAP", in the log
file I read this error:
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NM-Password.
rlm_mschap: No MS-CHAP-Challenge in the request
If I remove the DAFAULT user in the users file in the log I can't find a
mschap authentication and the user is reject.
What is wrong?
Thanks a lot
Bye Antonio
More information about the Freeradius-Users
mailing list