Sudden User Authentication Rejection as a result Compatibility - error
Alan DeKok
aland at deployingradius.com
Tue Feb 24 16:40:36 CET 2015
On Feb 24, 2015, at 8:47 AM, Clement Ogedengbe <c.ogedengbe at worc.ac.uk> wrote:
> I have now tested the server with eapol_test (without certificate validation) and it failed. I tested using the eaptest config below (PEAP & TTLS) : (I have masked out userid & password).
That’s bad.
> EAP-MSCHAPV2: Received success
> EAP-MSCHAPV2: Invalid authenticator response in success request
That’s the problem.
Why does it happen?
> [mschap_ad] Creating challenge hash with username: uwjrstest
> [mschap_ad] expand: --challenge=%{mschap_ad:Challenge:-00} -> --challenge=eb2123a7a496e886
> [mschap_ad] expand: --nt-response=%{mschap_ad:NT-Response:-00} -> --nt-response=4619af06b81d1426e5c7921fe751e5f46b7ee3456b3b0c7f
> Exec-Program output: NT_KEY: 51C1A08577E4ECDBBD59863E8B0BF5BD
> Exec-Program-Wait: plaintext: NT_KEY: 51C1A08577E4ECDBBD59863E8B0BF5BD
ntlm_auth is giving the wrong response to FreeRADIUS.
i.e. the problem isn’t FreeRADIUS.
Re-start Samba, winbindd, etc. Then try it again. It should work.
If it doesn’t, upgrade Samba to a version that works. Or (sad to say) downgrade it to a version that works.
Alan DeKok.
More information about the Freeradius-Users
mailing list