Need help: login incorrect with FR 2.2.1

Fajar A. Nugraha list at fajar.net
Fri May 17 00:25:08 CEST 2013


On Fri, May 17, 2013 at 2:09 AM, Wang, Yu <ywang10 at fsu.edu> wrote:
>
> Hello,
>
>
>
> I upgraded FR from 2.1.10 to 2.2.1. Everything went well except about 25% of our wireless users cannot authenticate after the upgrade. The backend authentication server is Active Directory and we use ntlm_auth from winbind to pass MSCHAPv2 response from FR to AD.

> rlm_perl: Added pair NT-Password = 0x4444333431333443313741333642433142444136383333324232323239443431

> [pap] Normalizing NT-Password from hex encoding


Just curious. Do ALL the failed users have the NT-Password attribute
added by rlm_perl?

IIRC the reason for using ntlm_auth is that AD would NOT give out
NT-Password when running in LDAP mode. Or to put it another way, if
you had access to NT-Password (e.g. stored in another database,
whatever), then you won't need ntlm_auth at all.

If you DO use ntlm_auth (which I don't see from the debug log), try
removing NT-Password from the list of attributes added by rlm_perl. My
guess is that whatever your rlm_perl data source is, it is out of sync
with your AD.

-- 
Fajar
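
One way to check the question raised in this reply against saved debug output, as an added example that is not part of the original post or of FreeRADIUS: it groups lines per request and reports which rejected users had NT-Password added by rlm_perl, and whether the value was 16 raw bytes or 32 characters of hex text. The sample log, user names and hash value are constructed; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the debug lines quoted in the thread;
# user names, ids, addresses and the hash value are made up.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 32768, id=11, length=180
\tUser-Name = "alice"
rlm_perl: Added pair NT-Password = 0x3030313132323333343435353636373738383939414142424343444445454646
Sending Access-Reject of id 11 to 192.0.2.10 port 32768
rad_recv: Access-Request packet from host 192.0.2.10 port 32768, id=12, length=176
\tUser-Name = "bob"
Sending Access-Accept of id 12 to 192.0.2.10 port 32768
rad_recv: Access-Request packet from host 192.0.2.10 port 32768, id=13, length=178
\tUser-Name = "carol"
Sending Access-Reject of id 13 to 192.0.2.10 port 32768
"""

REQ = re.compile(r"^rad_recv: Access-Request .* id=(\d+),")
USER = re.compile(r'^\s*User-Name = "([^"]*)"')
NTPW = re.compile(r"^rlm_perl: Added pair NT-Password = 0x([0-9A-Fa-f]+)")
SENT = re.compile(r"^Sending Access-(Accept|Reject) of id (\d+)")

def nt_encoding(hex_value):
    # Classify the logged value without printing it: a 16-byte NT hash,
    # or 32 ASCII hex digits that still need normalizing.
    raw = bytes.fromhex(hex_value) if len(hex_value) % 2 == 0 else b""
    if len(raw) == 16:
        return "raw"
    if re.fullmatch(rb"[0-9A-Fa-f]{32}", raw):
        return "hex-text"
    return "unexpected"

def summarize(debug_text):
    # Assumes requests are not interleaved (single-threaded debug mode).
    results, cur = [], None
    for line in debug_text.splitlines():
        if REQ.match(line):
            cur = {"user": "?", "nt_password": None}
        elif cur is None:
            continue
        elif m := USER.match(line):
            cur["user"] = m.group(1)
        elif m := NTPW.match(line):
            cur["nt_password"] = nt_encoding(m.group(1))
        elif m := SENT.match(line):
            results.append({**cur, "result": m.group(1)})
            cur = None
    return results

def rejected_users(results, with_nt):
    return sorted(r["user"] for r in results
                  if r["result"] == "Reject" and bool(r["nt_password"]) == with_nt)
```

If every rejected user lands in the `with_nt=True` group, that is consistent with the stale rlm_perl data source suggested above.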

