FreeRADIUS using Active Directory integration broken without any traces

Sebastian Hagedorn Hagedorn at uni-koeln.de
Mon Sep 29 15:28:13 CEST 2014


Hi,

--On 26. September 2014 19:54:23 +0000 Vinícius Ferrão 
<ferrao at if.ufrj.br> wrote:

> But RADIUS fails when doing EAP-PEAP authentication, and running
> FreeRADIUS in debug mode this is the error message:
>
># (9) mschap : Executing: /usr/local/bin/ntlm_auth --request-nt-key
># --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
># --challenge=%{%{mschap:Challenge}:-00}
># --nt-response=%{%#{mschap:NT-Response}:-00} (9) mschap : EXPAND
># --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (9) mschap :
># --> --username=ferrao
># (9) mschap : Creating challenge hash with username: ferrao
># (9) mschap : EXPAND --challenge=%{%{mschap:Challenge}:-00}
># (9) mschap :    --> --challenge=082e8ba7b848aaae
># (9) mschap : EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
># (9) mschap :    -->
># --nt-response=27b40a6d1dba1b4acfd33aff5c710a43e70d050269087bf1 (9)
># ERROR: mschap : Program returned code (1) and output 'Reading winbind
># reply failed! (0xc0000001)' (9) mschap : External script failed.
># (9) ERROR: mschap : External script says: Reading winbind reply failed!
># (0xc0000001) (9) ERROR: mschap : MS-CHAP2-Response is incorrect
># (9)   [mschap] = reject
># (9)  } # Auth-Type MS-CHAP = reject
># (9) eap : Freeing handler
># (9)   [eap] = reject
># (9)  } #  authenticate = reject
># (9) Failed to authenticate the user.
># (9) Login incorrect (mschap: Program returned code (1) and output
># 'Reading winbind reply failed! (0xc0000001)'): [ferrao/<via Auth-Type =
># EAP>] (from client 192.168.0.0/26 port 0 via TLS tunnel)
>
> So something is wrong with Winbind and FreeRADIUS, and I don't know what.

check the archives:

<http://lists.freeradius.org/pipermail/freeradius-users/2012-May/061047.html>
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140929/4f8e120b/attachment.bin>


More information about the Freeradius-Users mailing list