NT_STATUS_WRONG_PASSWORD: Wrong Password!!!

"Guillermo W. Llanes Suárez" gwilliam at uci.cu
Wed Nov 30 23:19:32 CET 2011


El 30/11/2011 16:57, Alan Buxey escribió:
> Hi,
>> Hello friends, I tell them:
>> When I try to authenticate using mschap I encounter this
>> error''NT_STATUS_WRONG_PASSWORD: Wrong Password'', yet when I do the
>> test using authentic pap without problems. I'm trying to authenticate my
>> freeradius server with active directory server.
>> Greetings and waiting for your help. William
> what happens when you run the ntlm_auth command direct on command line?
>
> what version of SAMBA are you running?
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
> http://www.antiterroristas.cu
> http://justiciaparaloscinco.wordpress.com
Hi Alan, when I run the ntlm_auth command gives me an effective response.
*ntlm_auth --request-nt-key --domain=MyDomain 
--username=USER--password=PASS*
_/NT_STATUS_OK: Success (0x0)/_

_*freeradius -X (DEBUG MODE)*_
rad_recv: Access-Request packet from host 127.0.0.1 port 55866, id=115, 
length=60
         User-Name = "gwilliam"
         User-Password = "1qazxsw23edc@"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
# Executing section authorize from file 
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130
[auth_log] 
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130
[auth_log]      expand: %t -> Wed Nov 30 17:05:41 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> TRUE
? Evaluating (User-Password) -> TRUE
++? if (!control:Auth-Type && User-Password) -> TRUE
++- entering if (!control:Auth-Type && User-Password) {...}
+++[control] returns noop
++- if (!control:Auth-Type && User-Password) returns noop
[ntlm_auth]     expand: --username=%{mschap:User-Name} -> 
--username=gwilliam
[ntlm_auth]     expand: --password=%{User-Password} -> 
--password=1qazxsw23edc@
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
[suffix] No '@' in User-Name = "gwilliam", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ntlm_auth
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group ntlm_auth {...}
*[ntlm_auth]     expand: --username=%{mschap:User-Name} -> 
--username=gwilliam
[ntlm_auth]     expand: --password=%{User-Password} -> 
--password=1qazxsw23edc@
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)*
Exec-Program: returned: 0
++[ntlm_auth] returns ok
# Executing section post-auth from file 
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 115 to 127.0.0.1 port 55866
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 115 with timestamp +34
Ready to process requests.

_*when I do the test using mschap radtest-t is when the key is erroneous*_
/radtest -t mschap gwilliam 1qazxsw23edc@ localhost 0 testing123/

rad_recv: Access-Request packet from host 127.0.0.1 port 37155, id=130, 
length=116
         User-Name = "gwilliam"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 0
         MS-CHAP-Challenge = 0xd85c0848bec6df72
         MS-CHAP-Response = 
0x0001000000000000000000000000000000000000000000000000d6f2f97947a122925fa9019e04b04834cc4857db4a4d359f
# Executing section authorize from file 
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130
[auth_log] 
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20111130
[auth_log]      expand: %t -> Wed Nov 30 17:07:09 2011
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> FALSE
? Skipping (User-Password)
++? if (!control:Auth-Type && User-Password) -> FALSE
*[ntlm_auth]     expand: --username=%{mschap:User-Name} -> 
--username=gwilliam
[ntlm_auth]     expand: --password=%{User-Password} -> --password=
Exec-Program output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exec-Program-Wait: plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password 
(0xc000006a)
Exec-Program: returned: 1
++[ntlm_auth] returns reject*
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> gwilliam
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 130 to 127.0.0.1 port 37155
Waking up in 4.9 seconds.
Cleaning up request 1 ID 130 with timestamp +122
Ready to process requests.

My samba version is 3.5.8, my OS is ubuntu server version 11.04.
Thanks for you help.





Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111130/e26c55ef/attachment.html>


More information about the Freeradius-Users mailing list