FreeRADIUS with Samba3, AD(Samba4) and Windows XP

Бисер Миланов doggy306 at abv.bg
Thu Sep 9 13:59:54 CEST 2010


 Hello!

We have a problem with a FreeRADIUS and Active Directory (Samba4) installation. After following:

http://deployingradius.com/documents/configuration/active_directory.html

ntlm_auth is working correctly when I try to authenticate a WinXP SP3 client; however, the authentication fails here:

Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for tester with NT-Password
[mschap]        expand: %{Stripped-User-Name} -> 
[mschap]        ... expanding second conditional
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[mschap]        expand: %{User-Name:-None} -> tester
[mschap]        expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=tester
[mschap]  mschap2: d6
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=d403bba2070cf6e8
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=af94dd4de371c9841bf877d46e305a02ded73887b31ee1b4
Exec-Program output: NT_KEY: 46400C4F130794910739F005A8C45821 
Exec-Program-Wait: plaintext: NT_KEY: 46400C4F130794910739F005A8C45821 
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server 
[peap] Got tunneled reply code 11
        EAP-Message = 0x010800331a0307002e533d41343234334238464641363637383739374636463346334543354539344431433641363737383335
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5543652a544b7f1d5179a5e433696c2c
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x010800331a0307002e533d41343234334238464641363637383739374636463346334543354539344431433641363737383335
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5543652a544b7f1d5179a5e433696c2c
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 19 to 10.2.1.3 port 1645
        EAP-Message = 0x0108004a1900170301003f02a1a58fbb50b524475113279c8c6e0233d96507294ed892871d2fe941c1832e90edbc635a5a6306e9aa9b4a21d153b3c6c2b1f34d0d760252495f5c05fabd
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1b05ec0d1d0df5adcd779ed1359b432b
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +18
Cleaning up request 1 ID 14 with timestamp +18
Cleaning up request 2 ID 15 with timestamp +18
Cleaning up request 3 ID 16 with timestamp +18
Cleaning up request 4 ID 17 with timestamp +18
Cleaning up request 5 ID 18 with timestamp +18
Cleaning up request 6 ID 19 with timestamp +18
Ready to process requests.


It seems that FreeRADIUS is sending an Access-Challenge but does not get a reply. What can be the source of the problem?
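
Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the two EAP-Message values in the debug output above. It shows that the tunneled reply is an EAP-MSCHAPv2 Success request and that the outgoing Access-Challenge carries a TLS application-data record inside EAP-PEAP. The function and constant names are hypothetical; the hex strings are copied from the log.

```python
import struct

# EAP-Message values copied from the debug log above (0x prefix dropped).
INNER_HEX = ("010800331a0307002e533d4134323433423846464136363738373937"
             "4636463346334543354539344431433641363737383335")
OUTER_HEX = ("0108004a1900170301003f02a1a58fbb50b524475113279c8c6e0233d96507"
             "294ed892871d2fe941c1832e90edbc635a5a6306e9aa9b4a21d153b3c6c2b1"
             "f34d0d760252495f5c05fabd")

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success",
                    4: "Failure", 7: "Change-Password"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

def parse_eap(hex_value):
    """Decode an EAP Request/Response header plus MS-CHAPv2 or PEAP framing."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 5:
        raise ValueError("too short for an EAP request/response")
    code, ident, length, eap_type = struct.unpack("!BBHB", raw[:5])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    out = {"code": EAP_CODES.get(code, code), "id": ident,
           "length": length, "type": eap_type}
    body = raw[5:]
    if eap_type == 26:                      # EAP-MSCHAPv2
        if len(body) < 4:
            raise ValueError("truncated MS-CHAPv2 header")
        opcode, ms_id, ms_len = struct.unpack("!BBH", body[:4])
        out.update(method="MS-CHAPv2", ms_id=ms_id, ms_length=ms_len,
                   opcode=MSCHAPV2_OPCODES.get(opcode, opcode),
                   message=body[4:].decode("ascii", "replace"))
    elif eap_type == 25:                    # EAP-PEAP
        flags = body[0]
        # With the L flag (0x80) set, a 4-byte TLS message length comes first.
        rec = body[5:] if flags & 0x80 else body[1:]
        if len(rec) < 5:
            raise ValueError("no TLS record header present")
        ctype, major, minor, rec_len = struct.unpack("!BBBH", rec[:5])
        out.update(method="PEAP", flags=flags, tls_version=(major, minor),
                   tls_content=TLS_CONTENT.get(ctype, ctype), tls_length=rec_len)
    return out

if __name__ == "__main__":
    for name, value in (("tunneled reply", INNER_HEX), ("Access-Challenge", OUTER_HEX)):
        print(name, parse_eap(value))
```

In EAP-MSCHAPv2 the peer answers a Success request with a Success response, so the next thing this server would expect is another Access-Request from 10.2.1.3 carrying that reply.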


