Windows Server 2008 R2 (was already working...)

mr typo euroregistrar at gmail.com
Wed Apr 7 09:31:53 CEST 2010


hello,

i have added the with_nt_domain_hack in the mschapv2 section of eap.conf

mschapv2 {
                        with_ntdomain_hack = yes
                }


with this change i am getting the following in debug log:
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for asartori at fh-salzburg.ac.at with
NT-Password
[mschap]  expand: --username=%{Stripped-User-Name} -> --username=asartori
[mschap]  mschap2: f9
[mschap]  expand: --challenge=%{mschap:Challenge} ->
--challenge=f06598f7d3c7a32d
[mschap]  expand: --nt-response=%{mschap:NT-Response} ->
--nt-response=eee56e2489411d6d778ab1a40cee629b6abce82769c1c1d1
Exec-Program output: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB
Exec-Program-Wait: plaintext: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled

but i never receive a access-accept. from my understanding it should work?

the complete debug log is at:
https://overlord.fh-salzburg.ac.at/~asartori/debug.txt

i hope someone can help!

kind regards

-euro

On Tue, Apr 6, 2010 at 8:02 PM, mr typo <euroregistrar at gmail.com> wrote:

> ill try that. it is just strange that it worked until now..
>
> in the module mschap i am doing a ntlm_auth request. that is how the
> authenticate sections looks like now.
>
> authenticate {
>                 Auth-Type MS-CHAP {
>                         mschap
>                 }
>                 eap
>         }
>
> so i configure ntlm_auth from the modules and put the directive ntlm_auth
> just before "Auth-Type MS-CHAP"?
>
> ill try that tomorrow, right now i have no chance to test it out.
>
> regards
>
> -euro
>
> On Tue, Apr 6, 2010 at 5:20 PM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> mr typo wrote:
>> > [mschap] Told to do MS-CHAPv2 for asartori at fh-salzburg.ac.at
>> > <mailto:asartori at fh-salzburg.ac.at> with NT-Password
>> > [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
>>
>>   You forced MS-CHAP (i.e. non-ntlm_auth) authentication in FreeRADIUS.
>>  Fix that.
>>
>>  Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100407/247b9d90/attachment.html>


More information about the Freeradius-Users mailing list