Hello,

My issue is that I try to authenticate users against AD with MSCHAP (PEAP and 
MSCHAP v2 in the future).
I can authenticate from the command line with ntlm_auth:
ntlm_auth --username=toto --domain=krb.com => NT_STATUS_OK

When I try to test the config with radtest, I get a few lines that I suspect to 
be wrong:

/******** SNIP *******/
client command line : radtest [EMAIL PROTECTED] 192.168.0.2 1812 s3cr3t 
fedora-test 

....
rlm_realm: Looking up realm "kdr.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: No such realm "kdr.com"
...
modcall[authorize]: module "files" returns ok for request 4
...
modcall entering group Auth-Type for request 4
  rlm_mschap: No User-Password configured. Cannot create LM-Password.
  rlm_mschap: No User-Password configured. Cannot create NT-Password.
  rlm_mschap: No MS-CHAP-Challenge in the request
modcall[authorize]: module "mschap" returns reject for request 4
...
/******** SNIP *******/

Obviously I should remove the module "files" or remove my user from the file 
"users".

Then, it seems that an MS-CHAP-Challenge is missing. I really don't know how to 
give a challenge to radtest nor which string to choose (a random one?).
Concerning the LM/NT-Password, my guess is that the FreeRADIUS server does not 
ask AD what the password is. I also think that there is no link at all between 
AD and my FreeRADIUS server and that's a problem.
(I had the line concerning ntlm_auth uncommented in my radiusd.conf)


Any help would be appreciated,
Stephane

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html