MS-CHAP2-Response is incorrect + invalid NT-Password
omega bk
omegabk at gmail.com
Mon Mar 15 11:35:49 CET 2010
sorry for spamming, i just want to understand
*OpenLDAP knows the clear text password:*
[ldap] userPassword -> Cleartext-Password == "test "
[ldap] userPassword -> NT-Password == 0x7465737420 *=> supposed to be the
hash password*
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
*Is the inner tunnel part of the MSCHAPv2 is failing because
it doesn't kwow the way of dealing with the password supplied ?*
*Adding into ldap.attrmap the userPassword -> NT-Password is enough to
produce a correct NT hash password?
*[mschap] Invalid NT-Password * *
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100315/9458cba6/attachment.html>
More information about the Freeradius-Users
mailing list