Help troubleshooting No EAP session matching...

Dave Aldwinckle daldwinc at
Fri Sep 16 17:07:19 CEST 2016

That did it!

  radiusd[28517]: (1691)   Login incorrect (mschap: Program returned 
code (1) and output 'Logon failure (0xc000006d)'): [someuser] (from 
client port 0 via TLS tunnel)


On 16-09-16 10:46 AM, Matthew Newton wrote:
> On Fri, Sep 16, 2016 at 10:37:13AM -0400, Dave Aldwinckle wrote:
>> Off-topic, but related: This particular bit "&Module-Failure-Message :=
>> &request:Module-Failure-Message" is populated with the first ERROR that the
>> mschap module spits out, which for us is always "No NT-Domain was found in
>> the User-Name." Since none of our User-Names have NT domains in them, the
>> message is confusing. Is there any way to include the other errors? "Program
>> returned code (1) and output 'Logon failure (0xc000006d)" would be a good
>> one:
>> (72) mschap: Creating challenge hash with username: nstestnexus at
>> (72) mschap: Client is using MS-CHAPv2
>> (72) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key
>> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
>> --domain=%{%{mschap:NT-Domain}:-NEXUS}
> Set this to "--domain=NEXUS" instead? It's the expansion of the
> mschap:NT-Domain that's causing the error.
> You should be able to get the other errors by looking at
> &Module-Failure-Message[1], &Module-Failure-Message[2], etc, I
> think?
> Matthew

More information about the Freeradius-Users mailing list