Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Alan DeKok aland at deployingradius.com
Thu Aug 29 14:49:50 CEST 2019 

On Aug 29, 2019, at 8:29 AM, Linux Threads <linuxthreads at gmail.com> wrote:
> 
> after following
> http://deployingradius.com/documents/configuration/active_directory.html
> 
> and running:
> 
> radtest -t mschap myNT_user myNTpass 192.168.1.250 0 client-secret
> 
> freeradius -XX

  Hmm... ignoring all of the documentation.  That's not a good start.

> Thu Aug 29 13:29:50 2019 : Debug: (10)     modsingle[authorize]:
> returned from pap (rlm_pap)
> Thu Aug 29 13:29:50 2019 : Debug: (10)     [pap] = noop
> Thu Aug 29 13:29:50 2019 : Debug: (10)   } # authorize = ok
> Thu Aug 29 13:29:50 2019 : Debug: (10) Found Auth-Type = mschap
> Thu Aug 29 13:29:50 2019 : Debug: (10) # Executing group from file
> /etc/freeradius/3.0/sites-enabled/default
> Thu Aug 29 13:29:50 2019 : Debug: (10)   authenticate {
> Thu Aug 29 13:29:50 2019 : Debug: (10)     modsingle[authenticate]:
> calling mschap (rlm_mschap)
> Thu Aug 29 13:29:50 2019 : WARNING: (10) mschap: No Cleartext-Password
> configured.  Cannot create NT-Password
> Thu Aug 29 13:29:50 2019 : WARNING: (10) mschap: No Cleartext-Password
> configured.  Cannot create LM-Password
> Thu Aug 29 13:29:50 2019 : Debug: (10) mschap: Client is using
> MS-CHAPv1 with NT-Password
> Thu Aug 29 13:29:50 2019 : ERROR: (10) mschap: FAILED: No
> NT/LM-Password.  Cannot perform authentication
> Thu Aug 29 13:29:50 2019 : ERROR: (10) mschap: MS-CHAP2-Response is incorrect
> Thu Aug 29 13:29:50 2019 : Debug: (10)     modsingle[authenticate]:
> returned from mschap (rlm_mschap)
> Thu Aug 29 13:29:50 2019 : Debug: (10)     [mschap] = reject
> Thu Aug 29 13:29:50 2019 : Debug: (10)   } # authenticate = reject
> Thu Aug 29 13:29:50 2019 : Debug: (10) Failed to authenticate the user
> Thu Aug 29 13:29:50 2019 : Debug: (10) Using Post-Auth-Type Reject
> 
> I hate to ask but do you have any Ideas?

  What part of the debug messages are unclear?

  You did NOT follow the documentation.  If you had followed it, the test would have worked.

  So which part of the documentation did you skip?

  Alan DeKok.

More information about the Freeradius-Users mailing list