MSCHAP Machine/User Authentication with Windows

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Mon May 11 10:04:51 CEST 2015


> (8) eap_mschapv2 :  Auth-Type MS-CHAP {
> (8) mschap : Creating challenge hash with username: host/win81-ops.in.testdomain
> (8) mschap : Client is using MS-CHAPv2
> (8) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None}
> --domain=%{%{mschap:NT-Domain}:-TESTDOMAIN}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}
> (8) mschap : EXPAND --username=%{mschap:User-Name:-None}
> (8) mschap :    --> --username=win81-ops$
> (8) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-TESTDOMAIN}
> (8) mschap :    --> --domain=in
> (8) mschap : Creating challenge hash with username: host/win81-ops.in.testdomain
> (8) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
> (8) mschap :    --> --challenge=4d7bb6f00f0d7a38
> (8) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
> (8) mschap :    -->
> --nt-response=d0dd725641db826ddf168b4b2144c203e6d3280c10fec229
> (8) ERROR: mschap : Program returned code (1) and output 'Logon
> failure (0xc000006d)'
> (8) mschap : External script failed.
> (8) ERROR: mschap : External script says: Logon failure (0xc000006d)
> (8) ERROR: mschap : MS-CHAP2-Response is incorrect

What *should* the username be? "host/win81-ops.in.testdomain"? If so, your User-Name that's being passed to ntlm_auth is incorrect.

You'll notice from the above output that mschap believes the username should be 'win81-ops', and the domain should be 'in'. I suspect that's wrong...

:-)

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk
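The name mapping visible in the quoted debug output, as an added example that is not part of the original message and is not FreeRADIUS code. The function names are hypothetical, and the expected domain `TESTDOMAIN` is an assumption taken from the fallback value in the quoted ntlm_auth line.

```python
import shlex

NTLM_AUTH = "/usr/bin/ntlm_auth"  # path taken from the quoted debug output


def split_machine_name(user_name):
    """Map host/<short>.<dns domain> to (username, domain) the way the
    quoted log shows: 'win81-ops$' and the first DNS label, 'in'."""
    if not user_name.startswith("host/"):
        raise ValueError("not a host/ machine identity: %r" % user_name)
    short, _, dns_suffix = user_name[len("host/"):].partition(".")
    if not short or not dns_suffix:
        raise ValueError("expected host/<name>.<dns domain>")
    # Machine accounts carry a trailing '$'; the domain is only the first
    # label after the host name, not the whole DNS suffix.
    return short + "$", dns_suffix.split(".", 1)[0]


def check_domain(user_name, expected_domain):
    """Compare the derived domain with the one the AD side is expected to accept."""
    username, domain = split_machine_name(user_name)
    return {"username": username, "domain": domain,
            "matches": domain.lower() == expected_domain.lower()}


def ntlm_auth_argv(username, domain, challenge, nt_response):
    """Build the ntlm_auth call from the log so it can be re-run by hand."""
    return [NTLM_AUTH, "--request-nt-key",
            "--username=" + username, "--domain=" + domain,
            "--challenge=" + challenge, "--nt-response=" + nt_response]


if __name__ == "__main__":
    # Values copied from the quoted debug output.
    name = "host/win81-ops.in.testdomain"
    result = check_domain(name, "TESTDOMAIN")  # assumed expected domain
    print(result)
    argv = ntlm_auth_argv(result["username"], "TESTDOMAIN",
                          "4d7bb6f00f0d7a38",
                          "d0dd725641db826ddf168b4b2144c203e6d3280c10fec229")
    print(" ".join(shlex.quote(a) for a in argv))
```

The printed command line differs from the logged one only in `--domain`, which isolates the derived domain as the variable under test.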
 
