Freeradius 2.1.12 Second LDAP Server

Beliars Fire beliarsfire at outlook.com
Mon Sep 16 15:54:13 CEST 2013


Hi,
 
Thanks for the help. Actually, I decided to create a new VM and reinstall the complete server. I'm following the complete How-To, but I'm getting two different errors.
 
The first one is this:

It's under the first point, "Configuring Authentication with Active Directory". I started the Samba and Kerberos services and used this command:
 
net join -U MyAdministrator

> Worked. I'm getting this message:
Using short domain name -- MYDomain
Joined 'UBUNTU' to realm 'MYDomain'
 
The next step, wbinfo -a user%password, works too, but I'm getting this error message:
 
Could not authenticate user Username%Password with plaintext password
challenge/response password authentication succeeded

Is this normal? How can I fix it? The response seems to work correctly.
 
 
The second one is this:

It's the last point on this page: "Configuring FreeRadius to use ntlm_auth for MS-CHAP"

In this step, I must edit the following line with this text in the file /etc/freeradius/modules/mschap:
 
ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 
But my default commented ntlm_auth looks like this:
 
 ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"  
 
In my default ntlm_auth, the option "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should I add it?

Actually, I'm using my default uncommented ntlm_auth. So, I'm going to test the MS-CHAP authentication request with this command:
 
$ radtest -t mschap bob hello localhost 0 testing123
 
And I'm getting this error message:
 
Sending Access-Request of id 251 to 127.0.0.1 port 1812
 User-Name = "bob"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 0
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x01774f129c72245c
 MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000024ff68dcea66e8348622a45aa91804201f2102e9ecc0add6
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=251, length=38
 MS-CHAP-Error = "\000E=691 R
 
/etc/freeradius/users
 
First line:
bob     Cleartext-Password := "hello" 
#
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
#
....
 
@Mathieu
Is there a current RADIUS-book that you can recommend?
 
-- BeliarsFire


More information about the Freeradius-Users mailing list