MS-CHAP2-Response is incorrect

Alan DeKok aland at deployingradius.com
Wed Sep 1 23:25:32 CEST 2021


On Sep 1, 2021, at 2:56 PM, Pennington, Daniel J <pennind1 at universalleaf.com> wrote:
> Our FreeRadius to Active Directory authentication is no longer working. It was working up until about a month ago, we upgraded the domain controller from 2008r2 to 2012r2.

  "new security rules".  See this for more information about magical Samba settings:

https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory

> After that we started having issues when people connecting to the VPN would get “Access denied – wrong user name or password”. Even though the server never appeared to lose domain connection, adding the FreeRadius server back to the domain with “net join” would band aid it for a week and then the same error message would come up. However that band aid hasstopped working.

  I'd put this down to magical Samba && AD interaction.  Unfortunately, we don't control either, so there isn't a lot we can do.

  Alan DeKok.




More information about the Freeradius-Users mailing list