ubuntu server, FreeRadius 2.1.6, Active Directory Win2K3, Cisco Aironet AG1242

Alan DeKok aland at deployingradius.com
Thu Jun 25 08:30:51 CEST 2009

Petar Marinkovic wrote:
> [mschap] Told to do MS-CHAPv2 for pmarinkovic with NT-Password
> [mschap]     expand: --username=%{mschap:User-Name:-None} -> --username=pmarinkovic
> [mschap]  mschap2: 30
> [mschap]     expand: --domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} -> --domain=EXCHANGE--challenge=73e442d7ccbf38a0

  That's wrong... you need a space between the two command-line options.

  --domain=.... --challenge=...

> In radiusd.conf, I only added exec lines to modules section from the
> tutorial
> exec ntlm_auth {

  That's not being used here, so it's not affecting this example.

> And mschap file in modules dir. I left those 3 commented lines, I tried
> also with them, but no luck.
> mschap {
>     with_ntdomain_hack = yes
>     #use_mppe = yes
>     #require_encryption = yes
>     #require_strong = no
>     ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

  You added the "--domain=.." portion too close to the "--challenge".

> What am I doing wrong here? In eap.conf I only changed default_auth_type
> to PEAP, and that's all. Many thanks for your help, and I would
> appreciate it a lot if you can help me, cause this thing is driving me
> crazy for the last 2-3 days. I read a bunch of topics, but none helped.

  Posting the debug log is *exactly* the information that was needed to
solve this problem.

  Alan DeKok.
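
The check described in the reply above, written as an added example (not part of the original post and not FreeRADIUS code): a small Python lint that finds `--option=` arguments fused onto the previous argument in an `ntlm_auth` string or in its expanded form from the debug log. The function name `fused_options` is hypothetical; `BROKEN` is the value quoted in the message, `FIXED` is the same line with the space inserted, and `EXPANDED` is the fused token from the debug output.

```python
import re

# A FreeRADIUS expansion such as %{mschap:NT-Domain:-EXCHANGE}
EXPANSION = re.compile(r"%\{[^{}]*\}")
# A "--name=" that starts in the middle of an argument instead of after whitespace
GLUED = re.compile(r"(?<=\S)--[A-Za-z][A-Za-z0-9-]*(?==)")

def fused_options(command):
    """Return (argument, [glued option names]) for every argument that
    contains a second --option= with no whitespace in front of it."""
    # Mask expansions with same-length filler so their contents (":-None",
    # ":-00") are ignored and match offsets still line up with the input.
    masked = EXPANSION.sub(lambda m: "X" * len(m.group()), command)
    findings = []
    for arg in re.finditer(r"\S+", masked):
        glued = GLUED.findall(arg.group())
        if glued:
            findings.append((command[arg.start():arg.end()], glued))
    return findings

# The ntlm_auth value as posted (domain and challenge run together).
BROKEN = ("/usr/bin/ntlm_auth --request-nt-key "
          "--username=%{mschap:User-Name:-None} "
          "--domain=%{mschap:NT-Domain:-EXCHANGE}--challenge=%{mschap:Challenge:-00} "
          "--nt-response=%{mschap:NT-Response:-00}")

# Same line with the single space the reply asks for.
FIXED = BROKEN.replace("}--challenge=", "} --challenge=")

# The fused argument as it appears after expansion in the debug log.
EXPANDED = "--domain=EXCHANGE--challenge=73e442d7ccbf38a0"

if __name__ == "__main__":
    for label, line in (("broken", BROKEN), ("fixed", FIXED), ("expanded", EXPANDED)):
        hits = fused_options(line)
        if not hits:
            print(f"{label}: ok")
        for argument, names in hits:
            print(f"{label}: {', '.join(names)} is glued inside {argument!r}")
```

The lint only looks for options that take a value (`--name=`), so a value-less flag such as `--request-nt-key` fused onto another argument is outside what it reports.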
