MS-CHAP2 Response is incorrect.

Garcia Herguedas, Unai u.garcia at ibermatica.com
Wed Dec 2 16:43:29 CET 2009 

Hi,

I´m having a problem deploying a FreeRadius server to authenticate Wireless users with an Active Directory.

I get this message in the logs (user, challenge, domain and nt-response edited):
Wed Dec  2 12:05:59 2009 : Debug:   modsingle[authenticate]: calling mschap (rlm_mschap) for request 6
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: Told to do MS-CHAPv2 for username with NT-Password
Wed Dec  2 12:05:59 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
Wed Dec  2 12:05:59 2009 : Debug:       expand: --username=%{mschap:User-Name} -> --username=username
Wed Dec  2 12:05:59 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
Wed Dec  2 12:05:59 2009 : Debug:  mschap2: 60
Wed Dec  2 12:05:59 2009 : Debug:       expand: --challenge=%{mschap:Challenge:-00} -> --challenge=challenge
Wed Dec  2 12:05:59 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
Wed Dec  2 12:05:59 2009 : Debug:       expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=nt-response
Wed Dec  2 12:05:59 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
Wed Dec  2 12:05:59 2009 : Debug:       expand: --domain=%{mschap:NT-Domain} -> --domain=domain
Wed Dec  2 12:05:59 2009 : Debug: Exec-Program output:
Wed Dec  2 12:05:59 2009 : Debug: Exec-Program: returned: 1
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: External script failed.
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Wed Dec  2 12:05:59 2009 : Debug:   modsingle[authenticate]: returned from mschap (rlm_mschap) for request 6
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: External script failed.
Wed Dec  2 12:05:59 2009 : Debug:   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

If I execute in a shell the ntlm_auth with the same parameters as the log pointed I get an NT Key, so don´t really know why it's not working. I have tried varius solutions founded in internet without success.

BTW, The entire log is attached (edited user, challenge.....). If needed I can send conf files.

Thanks in advance.
Unai.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.log
Type: application/octet-stream
Size: 69007 bytes
Desc: radius.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091202/19e5a7df/attachment.obj>

More information about the Freeradius-Users mailing list