Please forgive my ignorance, but can you be a little bit more specific. I tried putting the following in the database:
mysql> select * from radcheck; +----+----------+------------------------+----+--------+ | id | UserName | Attribute | op | Value | +----+----------+------------------------+----+--------+ | 1 | temptest | Password | := | authme | | 2 | temptest | MS-CHAP-User-NTLM-Auth | == | No | +----+----------+------------------------+----+--------+ I added the following to dictionary: ATTRIBUTE MS-CHAP-User-NTLM-Auth 3003 string But I am still seeing the call made for ntlm authing: radius_xlat: 'temptest' rlm_sql (sql): sql_set_user escaped user --> 'temptest' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'temptest' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'temptest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'temptest' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'temptest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): No matching entry in the database for request from user [temptest] modcall[authorize]: module "sql" returns notfound for request 16 modcall: leaving group authorize (returns updated) for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 16 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 16 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for temptest with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: d2 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=temptest --challenge=f323f6e00a6e7eef --nt-response=adbc3550e29c702918ea4c1a3f6a5811d1b58dbfcf3a21d2 --require-membership-of=DOMAIN+wifi-secure' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=temptest --challenge=f323f6e00a6e7eef --nt-response=adbc3550e29c702918ea4c1a3f6a5811d1b58dbfcf3a21d2 --require-membership-of=DOMAIN+wifi-secure Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 16 modcall: leaving group MS-CHAP (returns reject) for request 16 I'm guessing that I need to put the MS-CHAP-User-NTLM-Auth somewhere else?? -- Chris Liles -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, May 18, 2006 8:31 PM To: FreeRadius users mailing list Subject: Re: peap with mysql "Chris Liles" <[EMAIL PROTECTED]> wrote: > How can I make the mschap module use both ntlm and mysql? If it gets a clear-text password, it should probably default to using that. For now, you can set the check item MS-CHAP-User-NTLM-Auth = No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
