MSCHAP Errors

sgilmour sgilmour at enterasys.com
Mon May 14 20:02:05 CEST 2012


Thanks James will do.
After doing more testing rather than doing PEAP authentication I attempted
to do TLS Authentication.  When I did TLS authentication my TLS User
authenticated just fine and I was able to receive an access-accept.  When
doing PEAP Authentication my PEAP user will fail with an access-reject
leaving me to believe it has something to do with the MSCHAP module.  I anm
still investigating.
Thanks
Scott

On Mon, May 14, 2012 at 1:55 PM, James J J Hooper [via FreeRadius] <
ml-node+s1045715n5709347h23 at n5.nabble.com> wrote:

> On 11/05/2012 13:35, Phil Mayers wrote:
>
> > On 11/05/12 13:10, sgilmour wrote:
> >
> >> --nt-response=46eb0f981a6121ad65e5726b0ee0e2097d610172204c7f24
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program output: Access denied
> >> (0xc0000022)
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program-Wait: plaintext: Access
> >> denied (0xc0000022)
> >> Fri May 11 08:08:13 2012 : Debug: Exec-Program: returned: 1
> >> Fri May 11 08:08:13 2012 : Info: [mschap] External script failed.
> >> Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is
> >> incorrect
> >
> >
> > The "ntlm_auth" helper is returning errors. Try the command from the CLI
> > and examine the output. Check the permissions on the winbind socket
> > (google for details) and SELinux contexts, if applicable.
>
> AD can return 0xc0000022 when for example the domain controller
> ntlm_auth/winbind is talking to can not contact the PDC. If you are
> continuing to have issues, and have completed Phil's suggestions, check
> the logs on your domain controllers for anomalies.
>
> -James
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ------------------------------
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://freeradius.1045715.n5.nabble.com/MSCHAP-Errors-tp5702886p5709347.html
>  To unsubscribe from MSCHAP Errors, click here<http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5702886&code=c2dpbG1vdXJAZW50ZXJhc3lzLmNvbXw1NzAyODg2fDczMDY1MTY5NQ==>
> .
> NAML<http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>



-- 

Scott Gilmour | SQA Engineer

Enterasys Networks | A Siemens Enterprise Communications Company

Office: 978.684.1236

Email: sgilmour at enterasys.com


--
View this message in context: http://freeradius.1045715.n5.nabble.com/MSCHAP-Errors-tp5702886p5709355.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120514/4f36a8b7/attachment.html>


More information about the Freeradius-Users mailing list