freeRADIUS -> AD Auth (<100kb)

A.L.M.Buxey at A.L.M.Buxey at
Wed Aug 13 20:19:03 CEST 2014


> > It now fails with:
> > [pap] WARNING! No "known good" password found for the user. 
> > Authentication may fail because of this.

no. thats way up near the top. the real failure is much much further down:

[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel                                                                          
[mschapv2] +- entering group MS-CHAP {...}                                                                                                                 
[mschap] Creating challenge hash with username: hausmeister at oblan                                                                                          
[mschap] Told to do MS-CHAPv2 for hausmeister at oblan with NT-Password
[mschap]        expand: %{User-Name} -> hausmeister at oblan                                                                                                  
[mschap]        expand: --username==%{%{User-Name}:-None}} -> --username==hausmeister at oblan}                                                               
Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)                                                                           
Exec-Program-Wait: plaintext: Password: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)                                                                  
Exec-Program: returned: 1                                                                                                                                  
[mschap] External script failed.                                                                                                                           
[mschap] FAILED: MS-CHAP2-Response is incorrect                                                                                                            
++[mschap] returns reject  

I would change your User-Name call in the tnlm_auth to Stripped-User-Name


More information about the Freeradius-Users mailing list