>>On Wed, 28 Jul 2004, Willey Kurt D wrote: >> I have FreeRADIUS (1.0.0-pre2) doing user authentication with W2K AD >> (peap, mschap, ldap, ntlm_auth); thanks to the archived posts for the >> help!! >> >> I want to use user authentication for non-domain machines (students, >> home laptops, etc - done) and machine authentication for those in active >> directory (our computers). >> >> I modified the ldap attribs to check servicePrincipalName >> (host\computername) but of course the machine doesn't send a password >> for mschap...
>What does the machine send anyway? If you can answer that you can probably >find out a way to authorize these calls. >Kostas Kalevras Network Operations Center >[EMAIL PROTECTED] National Technical University of Athens, Greece >Work Phone: +30 210 7721861 Here is the log of the failed try... The server is trying to use mschap; do I need to force it to another authentication? I am guessing yes... what do I use without breaking the user-based auth I have set up and working? THANKS!! rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ambrose,dc=sau,dc=edu, with filter (&(servicePrincipalName=host/sauvxy5n.ambrose.sau.edu)(objectcategory=cn =computer,cn=schema,cn=configuration,dc=ambrose,dc=sau,dc=edu)) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user host/sauvxy5n.ambrose.sau.edu authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/sauvxy5n.ambrose.sau.edu with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: group Auth-Type returns reject for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
