EAP (PEAP)+ntlm_auth doesn't send password by it self

Cesar Ortega cesar8489 at hotmail.com
Fri Mar 19 19:38:45 CET 2010 

Good morning fellas,

After several unsuccessful attempts I could install Freeradius with OpenSSL support for do ntlm_auth for the users with Active Directory integration. The problem is, when the windows xp machine try to connect to the wireless network, Freeradius (or windows xp machine, reallly dont know) doesn't fill the password field like user-name does. So, Any one knows why it is happening? Because for this reason I get the error in the auithentication (Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password 
(0xc000006a) 

Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password 
(0xc000006a) )

Listening on authentication address * port 1645
Listening on accounting address * port 1646
Listening on proxy address * port 1647
Ready to process requests.
rad_recv: Access-Request packet from host "AP's IP"  port 1645, id=76, length=181
    User-Name = "MYDOMAIN\\ortegaca"
    Framed-MTU = 1400
    Called-Station-Id = "0015.62c8.75d0"
    Calling-Station-Id = "001f.3c2d.78d6"
    Cisco-AVPair = "ssid=radiusd"
    Service-Type = Login-User
    Message-Authenticator = 0x3408edc72d37acf533d28f0b24f43f81
    EAP-Message = 0x02020017015044565341323030305c6f72746567616361
    NAS-Port-Type = Wireless-802.11
    Cisco-NAS-Port = "3259"
    NAS-Port = 3259
    NAS-IP-Address = "AP's IP"
    NAS-Identifier = "ap"
+- entering group authorize {...}
[ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=ortegaca
[ntlm_auth]     expand: --password=%{User-Password} -> --password=
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) 
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) 
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> PDVSA2000\ortegaca
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.7 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 76 to "AP's IP" port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 76 with timestamp +17
Ready to process requests.

Thanks in advance,

Cesar
 		 	   		  
_________________________________________________________________
Explore the seven wonders of the world
http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100319/f0253ca6/attachment.html>

More information about the Freeradius-Users mailing list