RE: MSCHAP Auth fails

Weber, Felix Felix.Weber at swmr.de
Wed Apr 4 14:24:17 CEST 2012


Tested both with radtest, USER at DOMAIN and DOMAIN\\USER; nothing worked.
Configured krb5.conf and smb.conf with the domain, and local ntlm_auth works fine on the machine.
And in the mschap module this line has been added:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-SWMNT} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
-----Original Message-----
From: freeradius-users-bounces+felix.weber=swmr.de at lists.freeradius.org [mailto:freeradius-users-bounces+felix.weber=swmr.de at lists.freeradius.org] On Behalf Of Andres Septer
Sent: Wednesday, 4 April 2012 14:14
To: FreeRadius users mailing list
Subject: RE: MSCHAP Auth fails



# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap]        expand: %{Stripped-User-Name} ->
[mschap]        ... expanding second conditional
[mschap]        expand: %{mschap:User-Name:-None} -> User001
[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
--username=User001
[mschap]  mschap1: 28
[mschap]        expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=28d302e62ccf7399
[mschap]        expand: #ntresponse=%{mschap:NT-Response:-00} ->
#ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect (mschap: External script says Logon failure
(0xc000006d)): [User001] (from client 127.0.0.1 port 0)

I would say ntlm_auth is missing the domain here. Where do you supply the domain?
In the configuration or with the user name? Which form, user at domain or domain\user?
I would check those.

A.
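
The check suggested in the quoted reply (does a domain reach ntlm_auth?) can be made mechanical by comparing the [mschap] expansions in the debug output with the options in the ntlm_auth line. This is an added example, not part of either message or of FreeRADIUS; the function names and the choice to treat the four value-carrying options as required are assumptions.

```python
import re

# Value-carrying options from the ntlm_auth line in the reply above.
# Treating all four as required is this example's assumption.
REQUIRED = ("--username", "--domain", "--challenge", "--nt-response")

# [mschap] expansion lines copied from the quoted debug output, mail wrapping included.
SAMPLE_DEBUG = """\
[mschap]        expand: %{mschap:User-Name:-None} -> User001
[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
--username=User001
[mschap]  mschap1: 28
[mschap]        expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=28d302e62ccf7399
[mschap]        expand: #ntresponse=%{mschap:NT-Response:-00} ->
#ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5
Exec-Program output: Logon failure (0xc000006d)
"""

def unwrap(text):
    """Re-join wrapped lines: a continuation starts with '-' or '#'."""
    out = []
    for line in text.splitlines():
        if out and line and line[0] in "-#":
            out[-1] += " " + line
        else:
            out.append(line)
    return out

def audit(text):
    """Return (passed, missing, suspect) for the ntlm_auth arguments."""
    passed, suspect = {}, []
    for line in unwrap(text):
        m = re.search(r"expand:\s*(.*?)\s+->\s*(.*)$", line)
        if not m:
            continue
        result = m.group(2).strip()
        opt = re.match(r"(--[\w-]+)=(.*)", result)
        if opt:
            passed[opt.group(1)] = opt.group(2)      # option reached the command line
        elif "=" in result:
            suspect.append(result.split("=", 1)[0])  # name=value, but not an option
    return passed, [o for o in REQUIRED if o not in passed], suspect

if __name__ == "__main__":
    print("expanded, never expanded, not an option:", audit(SAMPLE_DEBUG))
```

On the debug output quoted above it reports `--domain` and `--nt-response` as never expanded, and `#ntresponse` as an expansion that is not an ntlm_auth option.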