MSCHAP Auth fails
Andres Septer
andres.septer at navirec.com
Wed Apr 4 14:13:35 CEST 2012
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{mschap:User-Name:-None} -> User001
[mschap] expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
--username=User001
[mschap] mschap1: 28
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=28d302e62ccf7399
[mschap] expand: #ntresponse=%{mschap:NT-Response:-00} ->
#ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect (mschap: External script says Logon failure
(0xc000006d)): [User001] (from client 127.0.0.1 port 0)
I would say, ntlm_auth is missing domain here. Where do you supply domain?
In configaration or with user name? Whitch form, user at domain or domain\user?
I would check those.
A.
More information about the Freeradius-Users
mailing list