MSCHAP module returns OK, authentication fails..
Alan DeKok
aland at deployingradius.com
Wed Aug 27 13:35:19 CEST 2008
James Yale wrote:
> With a default configuration EAP works with a user specified in the
> users file with a cleartext password
> (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files).
> This works via eapol and a Mac test client.
Ah.
> As soon as I enable the MSCHAP module (uncommenting the ntlm auth
> line) all authentication queries the AD here, so the locally
> configured user fails. When I try a user configured in the AD I'm
> getting:
>
> EAP-MSCHAPV2: Invalid authenticator response in success request
Upgrade Samba. If you're not using at least 3.2.1, upgrade to that.
> http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the
> message authenticator does seem to be invalid,
No. eapol_test is saying that the MSCHAP response is invalid.
> Has anyone seen this problem before, or am I looking in the wrong place?
Others have seen exactly the same thing in the past weeks. Upgrading
Samba fixed it.
Alan DeKok.
More information about the Freeradius-Users
mailing list