Windows Server 2008 R2 (was already working...)

mr typo euroregistrar at gmail.com
Thu Apr 8 08:43:01 CEST 2010


update: not working again. 4 or 5 requests were working, now it is the same
problem again.

stopping at the access-challenge..

-euro

On Thu, Apr 8, 2010 at 8:36 AM, mr typo <euroregistrar at gmail.com> wrote:

> so mschap is working again, but now radius stops processing at sending the
> access-challenge to the accesspoint. it should not be a certificate problem,
> since the error is happening with all devices (win, mac, mobiles,..). proxy
> requests to another radius are working fine.
>
> any ideas?
>
> i am running on freeradius self compiled under centos5
>
> update: after a reboot it is working again... any ideas what could have
> caused the problem? reboot is not a solution if it happens again.
>
> -euro
>
> [mschap] adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server eduroam-inner-tunnel
> [peap] Got tunneled reply code 11
> EAP-Message =
> 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436
>  Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x34d7bc0635dca66007f66a576398301e
> [peap] Got tunneled reply RADIUS code 11
> EAP-Message =
> 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436
>  Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x34d7bc0635dca66007f66a576398301e
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> } # server eduroam
> Sending Access-Challenge of id 74 to 10.80.10.150 port 1645
> EAP-Message =
> 0x010b005b190017030100505394731e4048fe963007422bc8845a6901f4d04aa5c7f8e3c1bfc8b90a673a8bcde0455548fdfa1613eccb28d130d26caee4ca2fa7780f7f1f6df04625ee7ba950b11c3e610052763cc6cadcf803d7c9
>  Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x193fdf6a1034c6d4fb779767b11c2fbf
> Finished request 9.
> Going to the next request
> Waking up in 1.0 seconds.
> Cleaning up request 0 ID 65 with timestamp +7
>
>
>
> On Wed, Apr 7, 2010 at 9:31 AM, mr typo <euroregistrar at gmail.com> wrote:
>
>> hello,
>>
>> i have added the with_nt_domain_hack in the mschapv2 section of eap.conf
>>
>> mschapv2 {
>>                         with_ntdomain_hack = yes
>>                 }
>>
>>
>> with this change i am getting the following in debug log:
>> [eap] processing type mschapv2
>> [mschapv2] +- entering group MS-CHAP {...}
>> [mschap] Told to do MS-CHAPv2 for asartori at fh-salzburg.ac.at with
>> NT-Password
>> [mschap]  expand: --username=%{Stripped-User-Name} -> --username=asartori
>> [mschap]  mschap2: f9
>> [mschap]  expand: --challenge=%{mschap:Challenge} ->
>> --challenge=f06598f7d3c7a32d
>> [mschap]  expand: --nt-response=%{mschap:NT-Response} ->
>> --nt-response=eee56e2489411d6d778ab1a40cee629b6abce82769c1c1d1
>> Exec-Program output: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB
>> Exec-Program-Wait: plaintext: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB
>> Exec-Program: returned: 0
>> [mschap] adding MS-CHAPv2 MPPE keys
>> ++[mschap] returns ok
>> MSCHAP Success
>> ++[eap] returns handled
>>
>> but i never receive an access-accept. from my understanding it should work?
>>
>> the complete debug log is at:
>> https://overlord.fh-salzburg.ac.at/~asartori/debug.txt
>>
>> i hope someone can help!
>>
>> kind regards
>>
>> -euro
>>
>> On Tue, Apr 6, 2010 at 8:02 PM, mr typo <euroregistrar at gmail.com> wrote:
>>
>>> i'll try that. it is just strange that it worked until now..
>>>
>>> in the module mschap i am doing a ntlm_auth request. that is what the
>>> authenticate section looks like now.
>>>
>>> authenticate {
>>>                 Auth-Type MS-CHAP {
>>>                         mschap
>>>                 }
>>>                 eap
>>>         }
>>>
>>> so i configure ntlm_auth from the modules and put the directive ntlm_auth
>>> just before "Auth-Type MS-CHAP"?
>>>
>>> i'll try that tomorrow, right now i have no chance to test it out.
>>>
>>> regards
>>>
>>> -euro
>>>
>>> On Tue, Apr 6, 2010 at 5:20 PM, Alan DeKok <aland at deployingradius.com> wrote:
>>>
>>>> mr typo wrote:
>>>> > [mschap] Told to do MS-CHAPv2 for asartori at fh-salzburg.ac.at with NT-Password
>>>> > [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
>>>>
>>>>   You forced MS-CHAP (i.e. non-ntlm_auth) authentication in FreeRADIUS.
>>>>  Fix that.
>>>>
>>>>  Alan DeKok.
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>>>>
>>>
>>>
>>
>
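
Added example, not part of the original thread: a decoder for the two EAP-Message values in the debug output quoted above, showing what the inner tunneled reply and the outer Access-Challenge each contain. The header layouts follow RFC 3748 and the EAP-TLS framing that PEAP shares; `decode_eap` is a hypothetical helper name, and the two hex strings are copied from the log.

```python
# Added example: decode EAP-Message values as printed in FreeRADIUS debug output.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORDS = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

# Both values are copied from the debug log quoted in the thread.
INNER = ("0x010b00331a030a002e533d"
         "4631323532413643354337343741313736363736"
         "3739333345314443413030444330393842343436")
OUTER = ("0x010b005b19001703010050"
         "5394731e4048fe963007422bc8845a6901f4d04a"
         "a5c7f8e3c1bfc8b90a673a8bcde0455548fdfa16"
         "13eccb28d130d26caee4ca2fa7780f7f1f6df046"
         "25ee7ba950b11c3e610052763cc6cadcf803d7c9")


def decode_eap(hex_value):
    """Decode one EAP packet (hypothetical helper; layout per RFC 3748)."""
    digits = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    length = int.from_bytes(raw[2:4], "big")
    out = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "length": length, "complete": length == len(raw)}
    if raw[0] not in (1, 2) or len(raw) < 5:
        return out  # EAP Success/Failure packets carry no type field
    out["type"] = EAP_TYPES.get(raw[4], raw[4])
    body = raw[5:length]
    if raw[4] == 26 and body:  # EAP-MSCHAPv2: opcode, id, 2-byte length, data
        out["opcode"] = MSCHAP_OPCODES.get(body[0], body[0])
        if body[0] in (3, 4) and len(body) > 4:  # ASCII message follows
            out["message"] = body[4:].decode("ascii", "replace")
    elif raw[4] in (13, 25) and body:  # EAP-TLS framing, shared by PEAP
        out["flags"] = body[0]
        # L bit (0x80): a 4-byte TLS message length precedes the records
        rec = body[5:] if body[0] & 0x80 else body[1:]
        if len(rec) >= 5:
            out["tls_record"] = TLS_RECORDS.get(rec[0], rec[0])
            out["tls_version"] = (rec[1], rec[2])
            out["tls_record_len"] = int.from_bytes(rec[3:5], "big")
    return out


if __name__ == "__main__":
    for label, value in (("inner", INNER), ("outer", OUTER)):
        print(label, decode_eap(value))
```

The inner value decodes as an EAP-MSCHAPv2 Success request and the outer one as a PEAP request carrying a single TLS application-data record, so the log ends with the server having sent a request that the supplicant still has to answer.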


More information about the Freeradius-Users mailing list