Getting NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a) when using ntlm_auth
lint
lint at pillclan.com
Wed Dec 7 22:13:45 CET 2011
Alan Buxey wrote
>
> ....and what type of request is coming through? - check the mschap module
> to see the challenge response
> example.... and 'radiusd -X' for help does help...
>
Alan, thank you, my wireless controller was set to send MSCHAP-v2. Changing
the controller to PAP allows it to complete a successful radius ping.
However, I have moved onto another problem, an 802.1x client will not
authenticate sending EAP-PEAP/EAP-MSCHAP-v2.
I received the following log output from radius:
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/default
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: root
[mschap] Told to do MS-CHAPv2 for root with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
My mschap module is configured as follows:
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%
{Stripped-User-Name}:-%{mschap:User-Name:-None}} --challenge=%
{mschap:Challenge:-00} –nt-response=%{mschap:NT-Response:-00}"
}
I have also tried:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-domain.net}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Please let me know if you see my errors, or have thoughts.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Getting-NT-STATUS-WRONG-PASSWORD-Wrong-Password-0xc000006a-when-using-ntlm-auth-tp5040204p5056976.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list