unknown CA when trying to authenticate

Tyler Montney montneytyler at gmail.com
Mon Feb 22 23:11:32 CET 2021


I've made the configuration changes outlined How to Install and Configure
Freeradius With Active Directory Allow Allow Specific Group of Users to
Authenticate in Debian 10 - My Blog - For Fun (stevedong.com)
<https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/#install-freeradius>
starting
at "Grant Permission" and ending at "Configure freeradius-ldap Auth with
AD" with testing with radtest. radtest -t mschap <user> <password>
localhost 0 testing123 fails ('The attempted logon is invalid. This is
either due to a bad username or authentication information. (0xc000006d)')
but radtest <domain_accout> <password> localhost 0 testing123 succeeds.

On Mon, Feb 22, 2021 at 12:55 PM Alan DeKok <aland at deployingradius.com>
wrote:

>
>
> > On Feb 22, 2021, at 1:34 PM, Tyler Montney <montneytyler at gmail.com>
> wrote:
> >
> > I guess there was a bit more configuration to setting up radius on
> Windows
> > than I thought. Thanks to Windows 10, a lot of the old dialogs are
> > hidden/harder to get to.
>
>   That's good.
>
> > When connecting, I am now seeing "mschap: WARNING: No ClearText-Password
> > configured. Cannot create NT-Password/LM-Password."
>
>   I'm wondering why you're only giving the minimum possible description
> for everything you do.
>
>   Where are the users stored?  What format is their passwords in?  What
> configuration changes did you make to the server?
>
>   All of that is relevant.  Until you decide to start giving more
> information, this will be a slow and painful process for everyone.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list