ubuntu server, FreeRadius 2.1.6, Active Directory Win2K3, Cisco Aironet AG1242
Alan DeKok
aland at deployingradius.com
Thu Jun 25 08:30:51 CEST 2009
Petar Marinkovic wrote:
> [mschap] Told to do MS-CHAPv2 for pmarinkovic with NT-Password
> [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=pmarinkovic
>
> [mschap] mschap2: 30
> [mschap] expand: --domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} -> --domain=EXCHANGE--challenge=73e442d7ccbf38a0
That's wrong... you need a space between the two command-line options.
--domain=.... --challenge=...
^
SPACE
> In radiusd.conf, I only added exec lines to modules section from the
> tutorial
>
> |exec ntlm_auth {
That's not being used here, so it's not affecting this example.
> And mschap file in modules dir. I left those 3 commented lines, I tried
> also with them, but no luck.||
>
> mschap {
> with_ntdomain_hack = yes
> #use_mppe = yes
> #require_encryption = yes
> #require_strong = no
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
You added the "--domain=.." portion too close to the "--challenge".
> What I am doing wrong here? In eap.conf I only changed default_auth_type
> to PEAP, and that's all. Many thanks for your help, and I would
> appreaciate it a lot if you can help me, cause this thing is driving me
> crazy for last 2-3 days. I read bunch of topics, but none helped..
Posting the debug log is *exactly* the information that was needed to
solve this problem.
Alan DeKok.
More information about the Freeradius-Users
mailing list