mschap with ntlm_auth and Active Directory
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 4 00:20:45 CET 2011
On 03/03/2011 11:07 PM, robert22 wrote:
>
> McNutt, Justin M. wrote:
>>
>> Also check that winbind is working like this:
>>
>> wbinfo --all-domains
>>
>> If you don't see a list of all valid NT-style domains, winbind is broken
>> and you'll have to fix that first.
>>
>
> that command displays all the domains correctly.
>
> However, running the ntlm_auth command with the challenge and response gives
> a "Logon failure (0xc000006d)"
>
> root at FREERADIUS:~# ntlm_auth --request-nt-key --username=0024D6650564
> --domain=MY.ACTUAL.DOMAIN --challenge=9034daf90ecd43a3
> --nt-response=cd206503887edb3e33ac801d348cd30a7aefa411651be9d0
> Logon failure (0xc000006d)

Well, that's pretty clear. The response is not valid, meaning that
either the password is wrong somewhere, or samba is corrupting things
(which has happened in some buggy versions).

Are you sure the mschap client is using the right password, and matches
the password in the domain?

Can you do a plaintext auth with the password you expect it to be?

    ntlm_auth --username=<themac> --password=<the value>
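
The checks suggested in this thread, run in order so the first failing stage names the likely cause. This is an added example, not part of the original messages; the function name `triage_mschap` and its return codes are assumptions, and it relies on `ntlm_auth` exiting non-zero on a logon failure.

```shell
#!/bin/sh
# Added example: staged triage of an ntlm_auth MS-CHAP logon failure.
# Usage: triage_mschap USER DOMAIN PASSWORD CHALLENGE NT_RESPONSE
# Returns 0 if all stages pass, otherwise the number of the failing stage.
# Note: --password puts the secret on the command line, where it is visible
# in the process list while the command runs; use a test account.
triage_mschap() {
    user=$1 domain=$2 pass=$3 chal=$4 resp=$5

    # Stage 1: winbind must be able to enumerate the domains.
    if ! wbinfo --all-domains >/dev/null 2>&1; then
        echo "stage 1 failed: winbind cannot list domains; fix winbind first"
        return 1
    fi

    # Stage 2: plaintext auth with the password you expect the account to have.
    if ! ntlm_auth --username="$user" --domain="$domain" \
                   --password="$pass" >/dev/null 2>&1; then
        echo "stage 2 failed: the domain does not accept this password for $user"
        return 2
    fi

    # Stage 3: the captured challenge/response pair from the RADIUS request.
    if ! ntlm_auth --request-nt-key --username="$user" --domain="$domain" \
                   --challenge="$chal" --nt-response="$resp" >/dev/null 2>&1; then
        echo "stage 3 failed: password is valid in the domain, but the response" \
             "is not; the client used a different password or the response was" \
             "corrupted on the way to winbind"
        return 3
    fi

    echo "all stages passed"
    return 0
}
```

A stage 2 failure points at the account or password in the domain; a stage 3 failure with stage 2 passing narrows it to the client's configured password or the Samba side.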