MSCHAP No logon servers are currently available (again, but solved)
uj2.hahn at posteo.de
uj2.hahn at posteo.de
Wed Nov 16 13:18:45 UTC 2022
Hi, all!
I refer to this older thread with same subject:
https://lists.freeradius.org/pipermail/freeradius-users/2021-August/100519.html
I run into a similar issue and like to share the way I solved it:
I implemented a Freeradius/AD solution some years ago in a school.
(Win10 clients, MS server/AD in Azure cloud)
This had been working fine all the time, but after the school installed
some Microsoft updates to their clients
Freeradius stopped working. No authorization was possible.
I debugged it down to above error message when I run ntlm_auth manually
(saw same message in FR debug log).
Somehow the communication between Ubuntu based FR server and Windows
server/AD was broken now.
My guess was the the updated Windows environment needs an improved
communication protocol with higher
security level.
So I upgraded Ubuntu to version 22.04 LTS to get a more recent Samba
version (4.15.9).
But this didn't help.
I modified smb.conf as described in
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
,
but this didn't help neither.
Also a reboot of the FR Ubuntu server didn't help.
But then I rejoined FR server to domain:
net join -U admin (will prompt for password).
The FR server has been part of the domain for years. But somehow this
got broken.
Not sure which of the actions above was root cause, but the "net join"
command was finally the key. So don't forget
it even though think you did it earlier already .
Just to help others in case they run in same issue.
Regards
Uwe
More information about the Freeradius-Users
mailing list