Freeradius with Active Directory
Prashant A
dev1278977 at gmail.com
Mon Jun 16 14:06:04 CEST 2014
Hi All,
I have followed the guide for integrating freeradius with active
directory which is mentioned here,
http://deployingradius.com/documents/configuration/active_directory.html
So finally,
radtest -t mschap prashant Active at 123 localhost 0 testing123
Gives me following output
Sending Access-Request Id 40 from 0.0.0.0:54825 to 127.0.0.1:1812
User-Name = 'prashant'
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
MS-CHAP-Challenge = 0x42b125cb7f6408b4
MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392
Received Access-Accept Id 40 from 127.0.0.1:1812 to 127.0.0.1:54825
length 84
MS-CHAP-MPPE-Keys = 0x
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
But when I try to login from webpage I am getting following response
(0) mschap : Client is using MS-CHAPv2
(0) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-mycompany.local}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap : --> --username=prashant
(0)*ERROR: mschap : No NT-Domain was found in the User-Name*
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap : --> --domain=mycompany.local
(0) mschap : Creating challenge hash with username: prashant
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap : --> --challenge=e5d49180d36eb904
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
*(0) mschap : -->
--nt-response=0000000e0000000000000000000000000000000000000000**
**(0) ERROR: mschap : Program returned code (1) and output 'Logon
failure (0xc000006d)'*
(0) mschap : External script failed.
(0) ERROR: mschap : External script says: Logon failure (0xc000006d)
(0) ERROR: mschap : MS-CHAP2-Response is incorrect
(0) [mschap] = reject
(0) } # Auth-Type MS-CHAP = reject
Can somebody help me to understand what exactly the issue. I am using
FreeRADIUS Version 3.0.3 and Samba version 3.6.3.
Thanks & Regards,
Prashant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140616/868ab953/attachment.html>
More information about the Freeradius-Users
mailing list