[EMAIL PROTECTED] wrote:
Hi there, this is an old issue, but AFAIAC hasn't been solved yet, that's why 
I'm asking for help with this problem which is driving me crazy.


In the first attempt the user has checked the option "Automatically use my Windows 
logon name and password (and domain if any)", user account is valid in the domain 
and is not locked out, however user authentication fails.

In the next attempt the user has unchecked this option, so every time he connects to the network he has to type his credentials in. After clicking "Connect" he gets access.
Why, if Windows sends the same user information, is the user able to get in only in the latter case?

Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN 
--username=testuser --challenge=c61ad7019723b68d 
--nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 7

It failed because the client returned the wrong challenge

Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN 
--username=testuser --challenge=aea3ef9fe78f8ac2 
--nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d
Exec-Program output: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
Exec-Program-Wait: plaintext: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
Exec-Program: returned: 0
  modcall[authenticate]: module "mschap" returns ok for request 16
modcall: leaving group MS-CHAP (returns ok) for request 16
MSCHAP Success

Whereas that worked.

It looks to me as if you've edited the debug output so I can't be sure, but I'd suggest looking at the client - the radius server is configured correctly. Perhaps the client is not in fact logging on to the laptop with the correct username and password.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
