Renaming during Machine Authentication

Phil Mayers p.mayers at imperial.ac.uk
Thu May 19 09:58:25 CEST 2011


> User-Name = "host/TECH-11501"

Machines which are in the domain normally have this as:

host/name.domain.com

i.e. there is a "domain.com" at the end of the name.

The absence of that suggests to me that the machine is not a domain 
member. Is that the case? If so, it cannot do machine auth.

> Calling-Station-Id = "00265EE9B2CA"
> Called-Station-Id = "000B86611894"
> MS-CHAP-Challenge = 0x5551e00f40ce355de8053dbc2f64b5dd
> MS-CHAP2-Response =
> 0x0700226e95f1d0ae4efe8f381fd3714c7b0f0000000000000000904f33f5941ab6017f433da0f45438dc665447e9d6510a2d
> Service-Type = Login-User
> Aruba-Essid-Name = "HPSD_RAD2"
> Aruba-Location-Id = "Tech 01"

Great. More Aruba, probably terminating the PEAP locally. What a junky 
product.

See other posts on the list in the past few days - you should DISABLE 
"terminate PEAP" (or whatever the option is) on your Aruba equipment, 
and let it do the EAP/PEAP.

> +- entering group MS-CHAP {...}
> [mschap] Creating challenge hash with username: host/TECH-11501
> [mschap] Told to do MS-CHAPv2 for host/TECH-11501 with NT-Password
> [mschap] FAILED: MS-CHAP2-Response is incorrect

Hmm. Indicating the password is not correct or the EAP has been fiddled 
with.



More information about the Freeradius-Users mailing list