freeradius SQL + EAP + Windows client

Ivan Kalik tnt at kalik.net
Thu Feb 28 23:25:33 CET 2008


>Hi, I've got some problem when I try to Authorize with SQL and a windows client to Wireless connection.
>

No, you don't.

>
>When I make a test with the command
>Radtest guillaume passtest localhost 1645 testing123
>I've have this result
..
>Sending Access-Accept of id 204 to 127.0.0.1 port 34468
>
>So authorize with SQL working for now

Yes.

> but it's when I try to connect with the same parameter with my windows client I've got a access-reject and I don't know why.
..
>+- entering group authenticate
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/mschapv2
>  rlm_eap: processing type mschapv2
>+- entering group MS-CHAP
>  rlm_mschap: Told to do MS-CHAPv2 for guillaume with NT-Password
>	expand: --username=%{mschap:User-Name:-None} -> --username=guillaume
>  rlm_mschap: No NT-Domain was found in the User-Name.
>	expand: --domain=%{mschap:NT-Domain:-intranet} -> --domain=intranet
> mschap2: c4
>	expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4384da4f07ddf5b1
>	expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=b4e365eb0f01c659d845bd177f80139ebbe46ada409725f1
>Exec-Program output: Logon failure (0xc000006d) 
>Exec-Program-Wait: plaintext: Logon failure (0xc000006d) 
>Exec-Program: returned: 1
>  rlm_mschap: External script failed.
>  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject

Well, you have configured it to authenticate against Active Directory.
That failed. Comment out ntlm_auth in mschap module and server will use
the password from your sql database.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list