FR + AD host/ machine/ workstation authentication

Jacob Jarick mem.namefix at gmail.com
Mon Jul 9 02:41:46 CEST 2007


Phil & A.L
Thanks a lot for this new information. I have to rebuild my network
again (big shift around at work) and test again.

On 7/7/07, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> As per my previous emails, you can see the rlm_mschap is doing the
> expansion correctly without Novell's hack:
>
> > modcall: entering group MS-CHAP for request 6
> >   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
> >   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
> >   rlm_mschap: Told to do MS-CHAPv2 for host/Andy.admin9999.internal
> > with NT-Password
> > radius_xlat: Running registered xlat function of module mschap for
> > string 'User-Name'
> > radius_xlat:  '--username=Andy$'
> > radius_xlat: Running registered xlat function of module mschap for
> > string 'NT-Domain'
> > radius_xlat:  '--domain=admin9999'
> > radius_xlat: Running registered xlat function of module mschap for
> > string 'Challenge'
> >  mschap2: a1
> > radius_xlat:  '--challenge=d86cb80cb2cc9af6'
> > radius_xlat: Running registered xlat function of module mschap for
> > string 'NT-Response'
> > radius_xlat:  '--nt-response=7010e83a5b08ff6401e35e1f5916396538272a88a162a194'
> > Exec-Program output: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
> > Exec-Program-Wait: plaintext: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
>
> ...and your radius server sends an accept:
>
> > Sending Access-Accept of id 238 to 10.10.60.100 port 1645
> >       MS-MPPE-Recv-Key =
> > 0xbba590b48209b4e284f1b69dc04d04c0db3b2e5f487e30c9b2554d3e9b14c8c3
> >       MS-MPPE-Send-Key =
> > 0xa41125592b9aab7510bfcee91fb53cb91bf49fba67a0ad95879538526a78edff
> >       EAP-Message = 0x030b0004
> >       Message-Authenticator = 0x00000000000000000000000000000000
> >       User-Name = "host/Andy.admin9999.internal"
> > Finished request 8
>
> If your machine isn't on the network at this point, the problem lies
> with your NAS, not FreeRadius. I would investigate there.
>
> I see it's wireless - what type of AP? Looks like a Cisco to me.
>
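
The check walked through in the quoted debug output can be scripted; this is an added example, not part of the original thread and not FreeRADIUS code. The function names are hypothetical, the host/ mapping (first DNS label plus "$", second label as domain) is an assumption inferred from the log lines above, and the sample log is those quoted lines with the mail wrapping rejoined.

```python
import re

# Lines taken from the debug output quoted above, with mail wrapping rejoined.
SAMPLE_LOG = """\
  rlm_mschap: Told to do MS-CHAPv2 for host/Andy.admin9999.internal with NT-Password
radius_xlat:  '--username=Andy$'
radius_xlat:  '--domain=admin9999'
Exec-Program output: NT_KEY: 18B3A6F684E6D9218D8F63B68904C2D2
Sending Access-Accept of id 238 to 10.10.60.100 port 1645
"""

def expected_machine_account(user_name):
    """Map 'host/<name>.<domain>...' to (account, domain); None if not a host/ name.
    Assumption: mapping inferred from the quoted log (Andy$ / admin9999)."""
    if not user_name.lower().startswith("host/"):
        return None
    labels = user_name[5:].split(".")
    if len(labels) < 2 or not labels[0]:
        return None  # not fully qualified, so there is no domain label
    return labels[0] + "$", labels[1]

def check_machine_auth(log_text):
    """Summarise one machine-authentication attempt from debug output."""
    user = re.search(r"Told to do MS-CHAPv2 for (\S+)", log_text)
    # Collect the ntlm_auth arguments produced by the mschap xlat expansions.
    args = dict(re.findall(r"radius_xlat:\s+'--([\w-]+)=([^']*)'", log_text))
    expected = expected_machine_account(user.group(1)) if user else None
    return {
        "user_name": user.group(1) if user else None,
        "expansion_ok": expected is not None
        and (args.get("username"), args.get("domain")) == expected,
        "ntlm_auth_ok": re.search(r"NT_KEY: [0-9A-F]{32}\b", log_text) is not None,
        "accept_sent": re.search(r"Sending Access-Accept of id \d+", log_text) is not None,
    }

def verdict(findings):
    """Point at the first stage that failed, in the order the log shows them."""
    if not findings["expansion_ok"]:
        return "check the mschap ntlm_auth expansion"
    if not findings["ntlm_auth_ok"]:
        return "ntlm_auth returned no NT_KEY"
    if not findings["accept_sent"]:
        return "no Access-Accept was sent"
    return "RADIUS accepted: investigate the NAS"

if __name__ == "__main__":
    print(verdict(check_machine_auth(SAMPLE_LOG)))
```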


