Authentication failed
Carlos Jimenez Barranco
cjimenez at impala-net.com
Thu Jul 12 13:49:57 CEST 2007
Hello, Stefan:
We have entered this data in radiusd.conf:
# Be VERY careful when editing the following line!
#
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain}
--username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Maybe the "intro" after every line is not correct, so we have changed it to:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
And the problem continues.
Carlos Jimenez Barranco
- After-Sales Department
Tel. +34 933034139
www.impala-net.com
Corporate Communications Systems
-----Original Message-----
From: freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org] On behalf of Stefan Winter
Sent: Thursday, 12 July 2007 13:17
To: FreeRadius users mailing list
Subject: Re: Authentication failed
Hi,
okay, now that the User-Name thing is fixed, another problem with your config
shows up. The ntlm_auth line is way too short! Therefore, the key can't be
retrieved.
Is there maybe a line wrap in radiusd.conf, line "ntlm_auth = ..." or
something? The shipped ntlm_auth line works by default! Yours is only
'/usr/bin/ntlm_auth --request-nt-key '
i.e. it's missing all the important parts!
Stefan
> modcall: entering group Auth-Type for request 8
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password
> radius_xlat: '/usr/bin/ntlm_auth --request-nt-key '
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key
> username must be specified!
>
> Usage: [OPTION...]
> --helper-protocol=helper protocol to use operate as a stdio-based helper
> --username=STRING username
> --domain=STRING domain name
> --workstation=STRING workstation
> --challenge=STRING challenge (HEX encoded)
> --lm-response=STRING LM Response to the challenge (HEX encoded)
> --nt-response=STRING NT or NTLMv2 Response to the challenge (HEX encoded)
> --password=STRING User's plaintext password
> --request-lm-key Retreive LM session key
> --request-nt-key Retreive User (NT) session key
> --diagnostics Perform diagnostics on the authentictaion chain
> --require-membership-of=STRING Require that a user be a member of this group (either name or SID) for authentication to succeed
>
> Help options
> -?, --help Show this help message
> --usage Display brief usage message
>
> Common samba options:
> -d, --debuglevel=DEBUGLEVEL Set debug level
> -s, --configfile=CONFIGFILE Use alternative configuration file
> -l, --log-basename=LOGFILEBASE Basename for log/debug files
> -V, --version Print version
> Exec-Program output:
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
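The line-wrap condition discussed in this thread can be checked mechanically before restarting the server. The following is an added example, not code from the thread or from FreeRADIUS: the function name `check_ntlm_auth`, the `REQUIRED` list and the two sample strings (built from the configuration quoted above) are assumptions made for illustration.

```python
import re

# Options the ntlm_auth lines quoted in this thread pass; without --username
# the helper exits with "username must be specified!" as in the debug output.
REQUIRED = ("--request-nt-key", "--username=", "--challenge=", "--nt-response=")

def check_ntlm_auth(conf_text):
    """Return (line_number, message) findings for each active ntlm_auth line."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out template line
        m = re.match(r'ntlm_auth\s*=\s*(.*)$', stripped)
        if not m:
            continue
        value = m.group(1)
        # An odd number of unescaped double quotes: the string does not end
        # on the line where it starts, i.e. the value has been wrapped.
        if len(re.findall(r'(?<!\\)"', value)) % 2:
            findings.append((no, "quoted value is not closed on this line (line wrap?)"))
        missing = [opt for opt in REQUIRED if opt not in value]
        if missing:
            findings.append((no, "missing on this line: " + " ".join(missing)))
    return findings

# Constructed samples: the wrapped and the single-line form from the thread.
WRAPPED = '''# Be VERY careful when editing the following line!
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain}
--username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
'''
SINGLE_LINE = ('ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key '
               '--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} '
               '--challenge=%{mschap:Challenge:-00} '
               '--nt-response=%{mschap:NT-Response:-00}"\n')

if __name__ == "__main__":
    for name, text in (("wrapped", WRAPPED), ("single line", SINGLE_LINE)):
        print(name, check_ntlm_auth(text) or "ok")
```

A clean result only says the line is syntactically complete; the debug output line `radius_xlat: '...'` remains the authoritative view of what the server actually expands and executes.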