Are you talking about this:
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
????
There is no other way to perform authentication on the Domain Controller ?
Regards,
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Griego
Sent: sexta-feira, 10 de Setembro de 2004 17:30
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
For the type of configuration you're trying to use (PEAP/EAP-MSCHAPv2 with
Active Directory), you'll need to use the ntlm_auth hooks in the mschap
module.
--Mike
On Fri, 2004-09-10 at 11:12, Hugo Sousa wrote:
> Continuing my quest to integrate freeradius with Active Directory.
> here goes another problem!
>
> Did anyone already had this problem?
>
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for hugo.sousa
> radius_xlat: '(sAMAccountName=hugo.sousa)'
> radius_xlat: 'dc=office,dc=netsystems,dc=PT'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with
> filter (sAMAccountName=hugo.sousa)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user hugo.sousa authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 7
> modcall: group authorize returns updated for request 7
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 7
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 7
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
> authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 7
> modcall: group Auth-Type returns reject for request 7
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns reject for request 7
> modcall: group authenticate returns reject for request 7
> auth: Failed to validate the user.
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
>
>
>
> Regards,
>
> Hugo Sousa
> SysAdmin / NetworkAdmin
> http://www.netsystems.pt
> Portugal
--
--Mike
-----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
