FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

Bjarni Hardarson freeradius at hardarson.se
Fri Jun 7 16:46:25 CEST 2013


Hi list,

I just tried to upgrade FreeRADIUS to the latest version from git. My goal is to get the passchange feature working in the mschap module.

I am unable to get ntlm_auth to work in mschap.

debug output,

---
Debug: (0) mschap :  expand: '--nt-response=%{%{mschap:NT-Response}:-00}' -> '--nt-response=4dc04bcfba6029f88cf3131d47ca2587132782979dcb7dc7'
Debug: (0) mschap : executing cmd /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}
Debug: (0) mschap :  [0] /usr/bin/ntlm_auth
Debug: (0) mschap :  [1] --request-nt-key
Debug: (0) mschap :  [2] --username=vpntest
Debug: (0) mschap :  [3] --challenge=2546448021444870
Debug: (0) mschap :  [4] --nt-response=4dc04bcfba6029f88cf3131d47ca2587132782979dcb7dc7
Debug: (0) mschap : Program output is
ERROR: (0) ERROR: mschap : Abnormal child exit: No such file or directory
Debug: (0) mschap : External script failed.
ERROR: (0) ERROR: mschap : External script says:
Debug: (0) mschap : FAILED: MS-CHAP2-Response is incorrect
Debug: (0)   modsingle[authenticate]: returned from mschap (rlm_mschap) for request 0
Debug: (0)   [mschap] = reject
Debug: (0) Failed to authenticate the user.
Debug: (0) Using Post-Auth-Type Reject
---

If i try a second time i get this,

---
Debug: (1) mschap :  expand: '--nt-response=%{%{mschap:NT-Response}:-00}' -> '--nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd'
Debug: (1) mschap : executing cmd /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}
Debug: (1) mschap :  [0] /usr/bin/ntlm_auth
Debug: (1) mschap :  [1] --request-nt-key
Debug: (1) mschap :  [2] --username=vpntest
Debug: (1) mschap :  [3] --challenge=d9a8b4d1c188ae1b
Debug: (1) mschap :  [4] --nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd
Debug: (1) mschap : Program output is
ERROR: (1) ERROR: mschap : Abnormal child exit: No child processes
Debug: (1) mschap : External script failed.
ERROR: (1) ERROR: mschap : External script says:
Debug: (1) mschap : FAILED: MS-CHAP2-Response is incorrect
Debug: (1)   modsingle[authenticate]: returned from mschap (rlm_mschap) for request 1
Debug: (1)   [mschap] = reject
Debug: (1) Failed to authenticate the user.
Debug: (1) Using Post-Auth-Type Reject
---

I am sure that the ntlm_auth file is at /usr/bin/ntlm_auth and if i run it manually with the expanded attributes i get the NT_KEY.

root at freelab:/#/usr/bin/ntlm_auth --request-nt-key --username=vpntest --challenge=d9a8b4d1c188ae1b --nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd
NT_KEY: 2066656E05C22F3A995AD9ECFED913D6

Any ideas?

Kind Regards
Bjarni



More information about the Freeradius-Users mailing list