LDAP / mschap Error

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Aug 25 11:44:42 CEST 2016


Hi,

Ignoring the object-not-found LDAP error (as obviously, if using local Windows login names
you may have issues with what their local name is and what your AD/LDAP names are), your main problem is obviously here:

[mschap]        expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=CORNET\\Administrator
[mschap] Creating challenge hash with username: Administrator
[mschap]        expand: %{mschap:Challenge} -> 4adcd405e7337023
[mschap]        expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=4adcd405e7337023
[mschap]        expand: %{mschap:NT-Response} -> 47dddb601f337b40cbedc92fe89619468b70254dd2a7590e
[mschap]        expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=47dddb601f337b40cbedc92fe89619468b70254dd2a7590e
Exec output: Logon failure (0xc000006d)
Exec plaintext: Logon failure (0xc000006d)
[mschap] Exec: program returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] = reject


The output of debug is clearly showing you this. So, as the realm wasn't known, it hasn't been stripped;
therefore Stripped-User-Name is the same as User-Name, and is something that either you need
to verify that realm is your AD one, or you need to handle this.

It'll probably work if you simply use

mschap:User-Name

instead of Stripped-User-Name or User-Name.

alan
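
The mismatch visible in the debug output above, as an added example that is not part of the original message or of FreeRADIUS: a small checker that compares the name handed to the external helper with the name used for the challenge hash. The function name `check_mschap_debug` and the second sample are assumptions made for illustration; the first sample is copied from the quoted debug lines.

```python
import re

# Sample input: debug lines copied from the output quoted in the message above.
SAMPLE_DEBUG = r"""
[mschap]        expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=CORNET\\Administrator
[mschap] Creating challenge hash with username: Administrator
Exec output: Logon failure (0xc000006d)
[mschap] FAILED: MS-CHAP2-Response is incorrect
"""

# Constructed sample (not from the post): the expansion with no domain prefix left.
SAMPLE_STRIPPED = r"""
[mschap]        expand: --username=%{mschap:User-Name} -> --username=Administrator
[mschap] Creating challenge hash with username: Administrator
"""

EXPANDED_USER = re.compile(r"-> --username=(\S+)\s*$")
HASH_USER = re.compile(r"Creating challenge hash with username: (\S+)\s*$")
LOGON_STATUS = re.compile(r"Logon failure \((0x[0-9a-fA-F]+)\)")


def check_mschap_debug(text):
    """Report whether the helper was given a name that still carries a DOMAIN\\ prefix."""
    found = {"helper_user": None, "hash_user": None, "status": None,
             "prefix": None, "unstripped": False}
    for line in text.splitlines():
        for key, pattern in (("helper_user", EXPANDED_USER),
                             ("hash_user", HASH_USER),
                             ("status", LOGON_STATUS)):
            match = pattern.search(line)
            if match and found[key] is None:
                found[key] = match.group(1)
    helper, hashed = found["helper_user"], found["hash_user"]
    if helper and hashed and helper != hashed:
        # The backslash separator may appear doubled in debug output.
        parts = re.split(r"\\+", helper, maxsplit=1)
        if len(parts) == 2 and parts[1] == hashed:
            found["prefix"], found["unstripped"] = parts[0], True
    return found


if __name__ == "__main__":
    for name, sample in (("as posted", SAMPLE_DEBUG), ("constructed", SAMPLE_STRIPPED)):
        print(name, check_mschap_debug(sample))
```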


