FR + AD host/ machine/ workstation authentication
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jul 7 15:39:41 CEST 2007
As per my previous emails, you can see the rlm_mschap is doing the
expansion correctly without Novells hack:
> modcall: entering group MS-CHAP for request 6
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for host/Andy.admin9999.internal
> with NT-Password
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat: '--username=Andy$'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Domain'
> radius_xlat: '--domain=admin9999'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
> mschap2: a1
> radius_xlat: '--challenge=d86cb80cb2cc9af6'
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat: '--nt-response=7010e83a5b08ff6401e35e1f5916396538272a88a162a194'
> Exec-Program output: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
> Exec-Program-Wait: plaintext: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
...and your radius server sends an accept:
> Sending Access-Accept of id 238 to 10.10.60.100 port 1645
> MS-MPPE-Recv-Key =
> 0xbba590b48209b4e284f1b69dc04d04c0db3b2e5f487e30c9b2554d3e9b14c8c3
> MS-MPPE-Send-Key =
> 0xa41125592b9aab7510bfcee91fb53cb91bf49fba67a0ad95879538526a78edff
> EAP-Message = 0x030b0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "host/Andy.admin9999.internal"
> Finished request 8
If your machine isn't on the network at this point, the problem lies
with your NAS, not FreeRadius. I would investigate there
I see it's wireless - what type of AP? Looks like a Cisco to me.
More information about the Freeradius-Users
mailing list