MS-CHAP2-Response is incorrect

L.P.H. van Belle belle at
Thu Sep 2 09:02:18 CEST 2021

You can post your problem to the samba list if you want help with this. 
Below sounds to me your missing 

    winbind refresh tickets = yes 

> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users 
> [ at lists.freerad] Namens Alan DeKok
> Verzonden: woensdag 1 september 2021 23:26
> Aan: FreeRadius users mailing list
> Onderwerp: Re: MS-CHAP2-Response is incorrect
> On Sep 1, 2021, at 2:56 PM, Pennington, Daniel J 
> <pennind1 at> wrote:
> > Our FreeRadius to Active Directory authentication is no 
> longer working. It was working up until about a month ago, we 
> upgraded the domain controller from 2008r2 to 2012r2.
>   "new security rules".  See this for more information about 
> magical Samba settings:
> inst_Active_Directory
> > After that we started having issues when people connecting 
> to the VPN would get “Access denied – wrong user name or 
> password”. Even though the server never appeared to lose 
> domain connection, adding the FreeRadius server back to the 
> domain with “net join” would band aid it for a week and then 
> the same error message would come up. However that band aid 
> hasstopped working.
>   I'd put this down to magical Samba && AD interaction.  
> Unfortunately, we don't control either, so there isn't a lot 
> we can do.

Sadly correct yes. Ah.. It save you time Alan ;-) 

>   Alan DeKok.



More information about the Freeradius-Users mailing list