FR + AD host/ machine/ workstation authentication

Phil Mayers p.mayers at imperial.ac.uk
Sat Jul 7 15:39:41 CEST 2007


As per my previous emails, you can see the rlm_mschap is doing the
expansion correctly without Novell's hack:

> modcall: entering group MS-CHAP for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for host/Andy.admin9999.internal
> with NT-Password
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat:  '--username=Andy$'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Domain'
> radius_xlat:  '--domain=admin9999'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
>  mschap2: a1
> radius_xlat:  '--challenge=d86cb80cb2cc9af6'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat:  '--nt-response=7010e83a5b08ff6401e35e1f5916396538272a88a162a194'
> Exec-Program output: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
> Exec-Program-Wait: plaintext: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2

...and your radius server sends an accept:

> Sending Access-Accept of id 238 to 10.10.60.100 port 1645
> 	MS-MPPE-Recv-Key =
> 0xbba590b48209b4e284f1b69dc04d04c0db3b2e5f487e30c9b2554d3e9b14c8c3
> 	MS-MPPE-Send-Key =
> 0xa41125592b9aab7510bfcee91fb53cb91bf49fba67a0ad95879538526a78edff
> 	EAP-Message = 0x030b0004
> 	Message-Authenticator = 0x00000000000000000000000000000000
> 	User-Name = "host/Andy.admin9999.internal"
> Finished request 8

If your machine isn't on the network at this point, the problem lies
with your NAS, not FreeRadius. I would investigate there.

I see it's wireless - what type of AP? Looks like a Cisco to me.
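
The check this message makes by eye (machine-name expansion, NT_KEY returned, Access-Accept sent with both MPPE keys) can be scripted. The following is an added example, not part of the original post or of FreeRADIUS; the function names and the sample log (constructed, with made-up values) are assumptions.

```python
import re

# Constructed sample modelled on the debug output quoted above; all values are made up.
SAMPLE = """\
  rlm_mschap: Told to do MS-CHAPv2 for host/pc01.example.internal with NT-Password
radius_xlat:  '--username=pc01$'
radius_xlat:  '--domain=example'
Exec-Program output: NT_KEY: 00112233445566778899AABBCCDDEEFF
Sending Access-Accept of id 12 to 192.0.2.10 port 1645
\tMS-MPPE-Recv-Key = 0x0102
\tMS-MPPE-Send-Key = 0x0304
\tUser-Name = "host/pc01.example.internal"
"""

def triage(log):
    """Record how far a login got. search() is used throughout so that
    mail-quoted ("> ") and line-wrapped debug output still parses."""
    r = {"identity": None, "username": None, "domain": None,
         "nt_key": False, "accept_to": None, "mppe_keys": set()}
    in_accept = False
    for line in log.splitlines():
        line = line.rstrip()
        if m := re.search(r"Told to do MS-CHAPv2 for (\S+)", line):
            r["identity"] = m.group(1)
        elif m := re.search(r"'--(username|domain)=([^']*)'", line):
            r[m.group(1)] = m.group(2)
        elif re.search(r"Exec-Program output: NT_KEY: [0-9A-Fa-f]{32}$", line):
            r["nt_key"] = True
        elif m := re.search(r"Sending (Access-\w+) of id \d+ to (\S+)", line):
            in_accept = m.group(1) == "Access-Accept"
            if in_accept:
                r["accept_to"] = m.group(2)
        elif in_accept and (m := re.search(r"MS-MPPE-(Recv|Send)-Key", line)):
            r["mppe_keys"].add(m.group(1))
    return r

def verdict(r):
    """Map the recorded stages to the place worth investigating next."""
    if (r["identity"] or "").startswith("host/") and not (r["username"] or "").endswith("$"):
        return "expansion did not produce a machine account name ending in $"
    if not r["nt_key"]:
        return "helper program returned no NT_KEY: check the AD side"
    if not r["accept_to"]:
        return "no Access-Accept was sent: check the rest of the RADIUS config"
    if r["mppe_keys"] != {"Recv", "Send"}:
        return "Access-Accept carries no MPPE key pair for the NAS"
    return f"RADIUS side complete; investigate the NAS at {r['accept_to']}"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE)))
```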



