Authenticating agains AD issues

Johnson, Neil M neil-johnson at uiowa.edu
Thu Oct 28 17:22:58 CEST 2010


Yes, I did.

Thanks.
-Neil


--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu

From: freeradius-users-bounces+neil-johnson=uiowa.edu at lists.freeradius.org [mailto:freeradius-users-bounces+neil-johnson=uiowa.edu at lists.freeradius.org] On Behalf Of Sallee, Stephen (Jake)
Sent: Thursday, October 28, 2010 10:15 AM
To: FreeRadius users mailing list
Subject: RE: Authenticating agains AD issues

Did you enable the "WITH NT DOMAIN HACK" in your MSCHAP module?

Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221


From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Johnson, Neil M
Sent: Thursday, October 28, 2010 9:48 AM
To: freeradius-users at lists.freeradius.org
Subject: Authenticating agains AD issues


I've been following the reciepe on the "Deploying RADIUS" web site, but I have been unable to get an iPhone or Laptop to authenticate to wireless.

It appears from the log that ntlm_auth is behaving correctly but the the challenge continues.

I'm running 2.1.9 on Fedora 12 using the demonstration certificates.

Here is the last part of the log file:

Thanks in advance.
-Neil

[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password
[mschap]        expand: %{Stripped-User-Name} ->
[mschap]        ... expanding second conditional
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[mschap]        expand: %{User-Name:-None} -> IOWA\nmjoo
[mschap]        expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=IOWA\nmjoo
[mschap]  mschap2: 5e
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=13fe382b60e3bba9
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=24bf15cdc812e5f7fb9723f21143bb775b24a1914870caf0
Exec-Program output: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38
Exec-Program-Wait: plaintext: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message = 0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9b59f55f9a53ef43871eb82ef0802a05
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9b59f55f9a53ef43871eb82ef0802a05
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 112 to 128.255.11.74 port 32768
        EAP-Message = 0x010a005b19001703010050f59dec82774ce4b8dc5bb542e29881b2cb321a7136c39e4f1a498708fa2515da475f29ec726bd310dd96ab7ae6de4a85f079285567b375a7fa02d137f9d0d2adcf75dc887c91c50a41e041c13b370882
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa489d972ac83c05d8d6d2302f3fa3977
Finished request 17.
Going to the next request
Waking up in 3.2 seconds.
Cleaning up request 0 ID 95 with timestamp +9
Cleaning up request 1 ID 96 with timestamp +9
Cleaning up request 2 ID 97 with timestamp +9
Cleaning up request 3 ID 98 with timestamp +9
Cleaning up request 4 ID 99 with timestamp +9
Cleaning up request 5 ID 100 with timestamp +9
Cleaning up request 6 ID 101 with timestamp +9
Cleaning up request 7 ID 102 with timestamp +9
Cleaning up request 8 ID 103 with timestamp +9
Waking up in 1.0 seconds.
Cleaning up request 9 ID 104 with timestamp +10
Cleaning up request 10 ID 105 with timestamp +10
Cleaning up request 11 ID 106 with timestamp +10
Cleaning up request 12 ID 107 with timestamp +10
Cleaning up request 13 ID 108 with timestamp +10
Cleaning up request 14 ID 109 with timestamp +10
Cleaning up request 15 ID 110 with timestamp +10
Cleaning up request 16 ID 111 with timestamp +10
Cleaning up request 17 ID 112 with timestamp +10
Ready to process requests.

--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
Work: 319 384-0938
Mobile: 319 540-2081
Fax: 319 355-2618
E-mail: neil-johnson at uiowa.edu<mailto:neil-johnson at uiowa.edu>







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101028/3ba55332/attachment.html>


More information about the Freeradius-Users mailing list