MS-CHAP failing?

[Mark Holmes]

Alan,

Well spotted! - yes there was a bit missing from the end of that line in mschap - response=%(mschap:NT-Response:-00}"  Twas indeed a cut-and-paste error.

Thanks very much - it now works!

Cheers,

Mark


-----Original Message-----
From: freeradius-users-bounces+mark.holmes=nuffield.ox.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+mark.holmes=nuffield.ox.ac.uk at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: 12 October 2010 15:04
To: FreeRadius users mailing list
Subject: Re: MS-CHAP failing?

Hi,

> my /modules/ntlm_auth looks like this:-
> 
> exec ntlm_auth {
>                 wait = yes
>                 program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
>         }

I'd hope it doesnt look like that- fix the /path/to bit to give it the proper details.

> and modules/mschap looks like this
> 
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-NUFFIELDCOLLEGE} --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response$
> }

and that entry looks a little broken too - ending in $ - a cut and paste issue?

> Sending Access-Challenge of id 5 to 192.168.30.1 port 1162
>         EAP-Message = 0x0106004119001403010001011603010030f615a58846d51361b77eab5683e34a0a744f3af094b2c5478a0a1042f89c4f48d3f71abaae4bd259922300d95ae0bfb4
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xbc7efc4cb978e53c4bf33c60bc849290
> Finished request 11.

and waiting and challenging.... what client are you using? this looks like a
windows client that doesnt have the RADIUS CA installed on it

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html