MSCHAPv2 fails to authenticate against OpenDirectory with error 5100 (0x13ec)
Alan Egerton
eggyal at gmail.com
Wed Jun 10 18:15:39 CEST 2015
On Wed, Jun 10, 2015 at 1:49 PM, Alan DeKok <aland at deployingradius.com> wrote:
> I suggest trying to install 3.0.8. We've put more messages into the module which *should* help track down exactly what's going wrong.
Okay, to attempt with 3.0.8 I did the following:
1. Downloaded and extracted
ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.8.tar.gz
2. Reversed the logic on line 363 of
src/modules/rlm_opendirectory/rlm_opendirectory.c: rad_getgid() is
defined in lines 1419 to 1437 of src/main/util.c, and clearly returns
0 on success rather than error—this file appears to assume the
reverse, and was leading to erroneous claims that the SACL did not
exist.
3. ./configure --with-experimental-modules
4. Added "#define WITH_OPEN_DIRECTORY 1" to
src/modules/rlm_mschap/config.h (there doesn't appear to be a
configure option for it).
5. make && make install
6. Uncommented "use_open_directory = yes" in
/usr/local/etc/raddb/mods-available/mschap
7. sudo /usr/local/sbin/radiusd -X
But I now see the following error:
(8) eap_mschapv2: Auth-Type MS-CHAP {
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create
NT-Password
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create
LM-Password
(8) mschap: No NT-Password configured. Trying OpenDirectory Authentication
(8) mschap: OD username_string = testuser, OD shortUserName=testuser
(length = 8)
rlm_mschap: authentication failed -14091
(8) [mschap] = reject
(8) } # Auth-Type MS-CHAP = reject
I don't know whether this is the same problem as that which I was
previously experiencing under v2.2.0 (the error code is obviously
different), but in any event this error is no more meaningful to me
than before... so I'm just as stuck!
Grateful for any further thoughts or suggestions.
Kind regards,
Alan
More information about the Freeradius-Users
mailing list