Hi list, I just tried to upgrade FreeRADIUS to the latest version from git. My goal is to get the passchange feature working in the mschap module.
I am unable to get ntlm_auth to work in mschap. debug output, --- Debug: (0) mschap : expand: '--nt-response=%{%{mschap:NT-Response}:-00}' -> '--nt-response=4dc04bcfba6029f88cf3131d47ca2587132782979dcb7dc7' Debug: (0) mschap : executing cmd /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00} Debug: (0) mschap : [0] /usr/bin/ntlm_auth Debug: (0) mschap : [1] --request-nt-key Debug: (0) mschap : [2] --username=vpntest Debug: (0) mschap : [3] --challenge=2546448021444870 Debug: (0) mschap : [4] --nt-response=4dc04bcfba6029f88cf3131d47ca2587132782979dcb7dc7 Debug: (0) mschap : Program output is ERROR: (0) ERROR: mschap : Abnormal child exit: No such file or directory Debug: (0) mschap : External script failed. ERROR: (0) ERROR: mschap : External script says: Debug: (0) mschap : FAILED: MS-CHAP2-Response is incorrect Debug: (0) modsingle[authenticate]: returned from mschap (rlm_mschap) for request 0 Debug: (0) [mschap] = reject Debug: (0) Failed to authenticate the user. Debug: (0) Using Post-Auth-Type Reject --- If i try a second time i get this, --- Debug: (1) mschap : expand: '--nt-response=%{%{mschap:NT-Response}:-00}' -> '--nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd' Debug: (1) mschap : executing cmd /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00} Debug: (1) mschap : [0] /usr/bin/ntlm_auth Debug: (1) mschap : [1] --request-nt-key Debug: (1) mschap : [2] --username=vpntest Debug: (1) mschap : [3] --challenge=d9a8b4d1c188ae1b Debug: (1) mschap : [4] --nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd Debug: (1) mschap : Program output is ERROR: (1) ERROR: mschap : Abnormal child exit: No child processes Debug: (1) mschap : External script failed. ERROR: (1) ERROR: mschap : External script says: Debug: (1) mschap : FAILED: MS-CHAP2-Response is incorrect Debug: (1) modsingle[authenticate]: returned from mschap (rlm_mschap) for request 1 Debug: (1) [mschap] = reject Debug: (1) Failed to authenticate the user. Debug: (1) Using Post-Auth-Type Reject --- I am sure that the ntlm_auth file is at /usr/bin/ntlm_auth and if i run it manually with the expanded attributes i get the NT_KEY. root@freelab:/#/usr/bin/ntlm_auth --request-nt-key --username=vpntest --challenge=d9a8b4d1c188ae1b --nt-response=090bacad01a113dd74007ed5845d5b0c7c8017bac80821dd NT_KEY: 2066656E05C22F3A995AD9ECFED913D6 Any ideas? Kind Regards Bjarni - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html