EAP (PEAP)+ntlm_auth doesn't send password by itself
Cesar Ortega
cesar8489 at hotmail.com
Fri Mar 19 20:51:03 CET 2010
Hi Alan,
Thanks for your response. It didn't work either, the output is:
Listening on authentication address * port 1645
Listening on accounting address * port 1646
Listening on proxy address * port 1647
Ready to process requests.
rad_recv: Access-Request packet from host "AP's IP" port 1645, id=91, length=181
User-Name = "MyDOMAIN\\ortegaca"
Framed-MTU = 1400
Called-Station-Id = "0015.62c8.75d0"
Calling-Station-Id = "001f.3c2d.78d6"
Cisco-AVPair = "ssid=radiusd"
Service-Type = Login-User
Message-Authenticator = 0x96ffc01213282f492a9dfebcac5f5cf0
EAP-Message = 0x02020017015044565341323030305c6f72746567616361
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "3280"
NAS-Port = 3280
NAS-IP-Address = "AP's IP"
NAS-Identifier = "ap"
+- entering group authorize {...}
[ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ntlm_auth] ... expanding second conditional
[ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ntlm_auth] expand: %{User-Name:-None} -> MyDOMAIN\ortegaca
[ntlm_auth] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=MyDOMAIN\ortegaca
[ntlm_auth] No MS-CHAP-Challenge in the request.
[ntlm_auth] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=
[ntlm_auth] No MS-CHAP-Response or MS-CHAP2-Response was found in the request.
[ntlm_auth] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=
hex decode of failed! (only got 0 bytes)
Exec-Program output:
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> MyDOMAIN\ortegaca
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 91 to "AP's IP" port 1645
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host "AP's IP" port 1645, id=92, length=181
User-Name = "MyDOMAIN\\ortegaca"
Framed-MTU = 1400
Called-Station-Id = "0015.62c8.75d0"
Calling-Station-Id = "001f.3c2d.78d6"
Cisco-AVPair = "ssid=radiusd"
Service-Type = Login-User
Message-Authenticator = 0x33d0e749e1bb30e03f6bbe53e0601d27
EAP-Message = 0x02010017015044565341323030305c6f72746567616361
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "3281"
NAS-Port = 3281
NAS-IP-Address = "AP's IP"
NAS-Identifier = "ap"
+- entering group authorize {...}
[ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ntlm_auth] ... expanding second conditional
[ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ntlm_auth] expand: %{User-Name:-None} -> MyDOMAIN\ortegaca
[ntlm_auth] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=MyDOMAIN\ortegaca
[ntlm_auth] No MS-CHAP-Challenge in the request.
[ntlm_auth] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=
[ntlm_auth] No MS-CHAP-Response or MS-CHAP2-Response was found in the request.
[ntlm_auth] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=
hex decode of failed! (only got 0 bytes)
Exec-Program output:
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> MyDOMAIN\ortegaca
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
As you can see above, there is something about the challenge but I really don't know what it is. So, again: What can I do for a transparent authentication against my Active Directory when a user is logged on to it?
Cesar
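
Added example, not part of the original post and not FreeRADIUS code: a small parser for the EAP-Message attribute printed in the debug output above. It shows that both Access-Requests carry an EAP-Response/Identity packet, which holds only a user name and no MS-CHAP challenge or response; the helper names (parse_eap, carries_mschap, summarize) are made up for this illustration.

```python
import struct

# EAP codes and a few method types from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message values copied from the two Access-Requests in the log above.
LOG_EAP_MESSAGES = [
    "0x02020017015044565341323030305c6f72746567616361",
    "0x02010017015044565341323030305c6f72746567616361",
]


def parse_eap(hex_value):
    """Decode one EAP packet as printed in the debug log (0x-prefixed hex)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes received")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None, "data": b""}
    # Success/Failure have no type octet; Request/Response always do.
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a type octet")
        pkt["type"] = EAP_TYPES.get(raw[4], f"unknown({raw[4]})")
        pkt["data"] = raw[5:]
    return pkt


def carries_mschap(pkt):
    """True only for a packet that can hold an MS-CHAPv2 challenge or response
    in the clear. Inside PEAP that exchange is hidden in the TLS tunnel."""
    return pkt["type"] == "EAP-MSCHAPv2"


def summarize(hex_value):
    """Return (code, type, id, identity-or-None, carries_mschap) for one packet."""
    pkt = parse_eap(hex_value)
    ident = pkt["data"].decode("utf-8", "replace") if pkt["type"] == "Identity" else None
    return pkt["code"], pkt["type"], pkt["id"], ident, carries_mschap(pkt)


if __name__ == "__main__":
    for value in LOG_EAP_MESSAGES:
        print(summarize(value))
```

Run against the two logged values, it reports Response/Identity with EAP ids 2 and 1 and no MS-CHAP payload, which matches the "No MS-CHAP-Challenge in the request" lines in the log.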