(freeradius 3) I'm trying to integrate freeradius with active directory in cenos 7.
Marcelo Martinez
marcelo.martinez at nexa.com.uy
Fri Sep 23 15:18:04 CEST 2016
(0) mschap : Client is using MS-CHAPv1 with NT-Password
Executing: /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-TEST}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap : --> --username=Administrator
(0) ERROR: mschap : No NT-Domain was found in the User-Name
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-TEST}
(0) mschap : --> --domain=TEST
(0) mschap : mschap1: 17
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap : --> --challenge=1727510430eb23ac
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
(0) mschap : -->
--nt-response=a3ef84d919b3671900fd909461ed833b69c4e1ed39cd251d
Program returned code (1) and output 'Reading winbind reply failed!
(0xc0000001)'
(0) mschap : External script failed
(0) ERROR: mschap : External script says: Reading winbind reply failed!
(0xc0000001)
(0) ERROR: mschap : MS-CHAP-Response is incorrect
(0) [mschap] = reject
(0) } # Auth-Type MS-CHAP = reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject : EXPAND %{User-Name}
(0) attr_filter.access_reject : --> Administrator
(0) attr_filter.access_reject : Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(0) [eap] = noop
(0) remove_reply_message_if_eap remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message)
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else else {
(0) [noop] = noop
(0) } # else else = noop
(0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1 seconds
Waking up in 0.9 seconds.
(0) Sending delayed response
(0) Sending Access-Reject packet to host 127.0.0.1 port 53971, id=134,
length=0
(0) MS-CHAP-Error = '\000E=691 R=1'
Sending Access-Reject Id 134 from 127.0.0.1:1812 to 127.0.0.1:53971
MS-CHAP-Error = '\000E=691 R=1'
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 134 with timestamp +43
Ready to process requests
On Fri, Sep 23, 2016 at 10:09 AM, Alan DeKok-2 [via FreeRADIUS] <
ml-node+s1045715n5742701h15 at n5.nabble.com> wrote:
> On Sep 23, 2016, at 9:03 AM, Marcelo Martinez <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5742701&i=0>> wrote:
> > Alan was right, the problem was my /etc/hosts.
> > I added an entry for my hostname ponited to localhost and the problem is
> > fixed:
>
> Good.
>
> > radtest Administrator nexa.2016 localhost 1234 testing123
> > Sending Access-Request Id 80 from 0.0.0.0:37002 to 127.0.0.1:1812
> > User-Name = 'Administrator'
> > User-Password = 'password'
> > NAS-IP-Address = 127.0.0.1
> > NAS-Port = 1234
> > Message-Authenticator = 0x00
> > Received Access-Reject Id 80 from 127.0.0.1:1812 to 127.0.0.1:37002
> length
> > 20
> > (0) -: Expected Access-Accept got Access-Reject
> >
> > However I can't authenticate.
> >
> > "(0) -: Expected Access-Accept got Access-Reject"
> >
> > Any tip?
>
> If only the server produced some kind of debug log which showed you what
> it was doing.
>
> Alan DeKo,
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://freeradius.1045715.n5.nabble.com/freeradius-3-I-m-
> trying-to-integrate-freeradius-with-active-directory-in-cenos-7-
> tp5742598p5742701.html
> To unsubscribe from FreeRADIUS, click here
> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=2740692&code=bWFyY2Vsby5tYXJ0aW5lekBuZXhhLmNvbS51eXwyNzQwNjkyfC0xNzQ0NzUzNjYy>
> .
> NAML
> <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
More information about the Freeradius-Users
mailing list