freeradius + ntlm_auth, broken?

Phil Mayers p.mayers at imperial.ac.uk
Fri Mar 9 10:31:22 CET 2012


On 03/08/2012 05:09 PM, Andres Septer wrote:
>
>> Check the winbind log files,
>
> Did that already. Nothing interesting there, only lines like
> [2012/03/08 14:32:17.115991,  3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
>    [25675]: request location of privileged pipe
> [2012/03/08 14:32:17.117136,  6] winbindd/winbindd.c:840(winbind_client_request_read)
>    closing socket 26, client exited
>
>> and perhaps try using "strace -f -p<freerad.pid>  -o log" to
>> watch process execution.
>
> I already did that to get the command line. When I run that line manually I get
> "login failed". T try to figure out how to capture actual ntlm_auth output from within
> freerad process. Also, where freeradd gets the values for parameters
>   MS-CHAP-Challenge = 0xd50bd065d4215da9
>          MS-CHAP-Response = 0x00010000000000000000000000000000000000000000000000001e7c77d05691cb2822a6670bf0b458e251c4ef170a2c2fff
> ?
> Those seem to be wrong. When I use them manually from command line I get "login failed"

If you mean you're taking the value of the challenge & response and 
passing them straight to ntlm_auth, you can't do that; it doesn't work. 
There is intermediate processing that is done before calling ntlm_auth.

Maybe the client is broken, but maybe not. What is the client?


More information about the Freeradius-Users mailing list