Active Directory Authentication problem with ppp

madal 30 madal30 at
Thu Jul 5 14:18:02 CEST 2012

hello all,
I am always getting this error, when I am trying to authenticate user against Active Directory 
ad_recv: Access-Request packet from host port 54512, id=249, length=151	Service-Type = Framed-User	Framed-Protocol = PPP	User-Name = "harry"	MS-CHAP-Challenge = 0x7437d73ff6b61e500d046b77a88ecf34	MS-CHAP2-Response = 0x3f0098a0a16cb193cbb58c495977aa125765000000000000000073a5f468c08966d100e3963f8763bcb764d450f23800cade	Calling-Station-Id = ""	NAS-IP-Address =	NAS-Port = 0# Executing section authorize from file /etc/raddb/sites-enabled/default+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'++[mschap] returns ok++[digest] returns noop[suffix] No '@' in User-Name = "harry", looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message, not doing EAP++[eap] returns noop[files] users: Matched entry DEFAULT at line 172++[files] returns ok++[expiration] returns noop++[logintime] returns noop[mschap] No Cleartext-Password configured.  Cannot create LM-Password.[mschap] No Cleartext-Password configured.  Cannot create NT-Password.[mschap] Creating challenge hash with username: harry[mschap] Told to do MS-CHAPv2 for harry with NT-Password[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.[mschap] FAILED: MS-CHAP2-Response is incorrect
Pacakages I have installed.samba.x86_64samba-client.x86_64samba-common.x86_64 samba-winbind.x86_64 samba-winbind-clients.x86_64  freeradius.x86_64radiusclient-ng-0.5.6-5.el6.x86_64
My /etc/pptp/option.pptpd is :
name pptpdrefuse-paprefuse-chaprefuse-mschaprequire-mschap-v2require-mppe-128ms-dns "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"plugin radius.soplugin
And in /etc/radd/modules/mschap i have following mschap {         use_mppe = yes         require_encryption =yes        require_strong = yes       #with_ntdomain_hack = yesntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-none}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"}
AD connection is working well, if I do wbinfo -u it returns users from the AD. Both samba, nmb and winbind services are running. If I use only winbind without radius plugin it work but when I try to use radius plugin it complains the error I mentioned above. 
I have following this :
and this one :
All I am doing here is have a pptp server use radius and Active directory for authentication. I use freeraius so that I can do IP pool and other stuff. 
Any help or right direction would be great.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list