AD authentication fails - plaintext auth succeeds but challenge/response fails
Kev Xlr
kevxlre at gmail.com
Fri Aug 16 03:18:47 CEST 2019
I am configuring FreeRADIUS for MSCHAP authentication against our Active
Directory domain, following the guides on
http://deployingradius.com/documents/configuration/active_directory.html
and
https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
When I get to the point to run wbinfo -a user%password as detailed in the
wiki, wbinfo returns the response:
plaintext password authentication succeeded
challenge/response password authentication failed
Could not authenticate user %user with challenge/response
This is the opposite of the expected behaviour, as AD should fail plaintext
password auth and ALLOW challenge/response password auth!
Obviously FreeRADIUS PAP works but any MSCHAP tests fail because there is
no challenge/response
I checked all samba and winbind logs but I cannot find anywhere in the logs
referring to such tests and failures
Where should I direct my troubleshooting?
Thanks
More information about the Freeradius-Users
mailing list