eter de Groot <[EMAIL PROTECTED]> wrote:
> I am trying to autheticate against a different domain that than the
> samba server is joined to.. should be ok ??
Probably not.
> [EMAIL PROTECTED] raddb]# ntlm_auth --request-nt-key
> --domain=admin4182 --username=e2052982
> password:
> NT_STATUS_OK: Success (0x0)
That's nice, but it's not what the server is doing:
> radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=e2052982
> --domain=ADMIN4182 --challenge=7801a84637ef5c68
> --nt-response=4f77faa8137d60ae186c5f910fea83f936dbd827ac54f757'
What happens when you run the above command from the command line?
Alan DeKok.
Thanks for the reply .... I re-ran the connect and then copy and pasted onto
the command line from the (radiusd -X ) log..
[EMAIL PROTECTED] raddb]#
[EMAIL PROTECTED] raddb]#
[EMAIL PROTECTED] raddb]# /usr/bin/ntlm_auth --request-nt-key --username=e2052982 --domain=ADMIN4182 --challenge=6151ad29f27eff47
--nt-response=01e42eabc464bf9915883d804457069d4702d95534ce4d53
Logon failure (0xc000006d)
[EMAIL PROTECTED] raddb]#
[EMAIL PROTECTED] raddb]#
Not good. :-( .. but they do give me the domain option .. so it "should" be
ok. ?
.
.
.
Sorry ... couple more idiot (newbie) questions ....
I am using PEAP with MSCHAPv2 .. and (I think) according to the how-tos .. I do
NOT need
ANY certificate(s) on the client PC... Is this correct ??.... or, if not ..
which certificate(s) are
REQUIRED on the PC... ?? I am using tinyCA with the OID extra bits for the XP
extensions.
Is this an error in the following certficate stuff ??
.
.
.
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept:
SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept:
SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0927], Certificate TLS_accept:
SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
.
.
.
.
IS the following significant ... ?? It seems to say it cannot create the
password ??
modcall: entering group MS-CHAP for request 7
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for e2052982 with NT-Password
Thanks
Peter de Groot
Windows Re-Installation Engineer
Eastern Goldfields College
Ph 08) 90801800 Fax 08) 90801866 Mob 0418915312
http://egshs.wa.edu.au
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
