Radtest doesn't do MSCHAP. Use different client: http://jradius.org/wiki/index.php/JRadiusSimulator
Ivan Kalik Kalik Informatika ISP Dana 14/9/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše: >Ok, Alan: > >Thanks ... It works ... > >Now I am trying to "Configuring my FreeRadius to use ntlm_auth for >MS-CHAP" to authenticate my NT users, ok ? > >After that I configure the radiusd.conf file with the necessary changes >(about ntlm_auth), I am trying to test the authenticate with a valid user of >my NT Domain >(by radtest) and the FreeRadius reject it. > >The output of my FreeRadius´s console: > >[EMAIL PROTECTED] /usr/local/etc/raddb]# radtest copel\charles password >localhost 0 testfreeradius >Sending Access-Request of id 123 to 127.0.0.1 port 1812 > User-Name = "copelcharles" > User-Password = "password" > NAS-IP-Address = 255.255.255.255 > NAS-Port = 0 >rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=123, length=20 > >The complete output of Radiusd -X: > >Ready to process requests. >rad_recv: Access-Request packet from host 127.0.0.1:52444, id=67, >length=64 > User-Name = "copelcharles" > User-Password = "password" > NAS-IP-Address = 255.255.255.255 > NAS-Port = 0 > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > users: Matched entry DEFAULT at line 153 > modcall[authorize]: module "files" returns ok for request 0 >rlm_pap: WARNING! No "known good" password found for the user. >Authentication may fail because of this. > modcall[authorize]: module "pap" returns noop for request 0 >modcall: leaving group authorize (returns ok) for request 0 > rad_check_password: Found Auth-Type System >auth: type "System" > Processing the authenticate section of radiusd.conf >modcall: entering group authenticate for request 0 > modcall[authenticate]: module "unix" returns notfound for request 0 >modcall: leaving group authenticate (returns notfound) for request 0 >auth: Failed to validate the user. >Delaying request 0 for 1 seconds >Finished request 0 >Going to the next request >--- Walking the entire request list --- >Waking up in 1 seconds... >--- Walking the entire request list --- >Waking up in 1 seconds... >--- Walking the entire request list --- >Sending Access-Reject of id 67 to 127.0.0.1 port 52444 >Waking up in 4 seconds... >--- Walking the entire request list --- >Cleaning up request 0 ID 67 with timestamp 46ea9900 >Nothing to do. Sleeping until we see a request. >rad_recv: Access-Request packet from host 127.0.0.1:50643, id=123, >length=64 > User-Name = "copelcharles" > User-Password = "password" > NAS-IP-Address = 255.255.255.255 > NAS-Port = 0 > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 1 > modcall[authorize]: module "preprocess" returns ok for request 1 > modcall[authorize]: module "chap" returns noop for request 1 > modcall[authorize]: module "mschap" returns noop for request 1 > rlm_realm: No '@' in User-Name = "copelcharles", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 1 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 1 > users: Matched entry DEFAULT at line 153 > modcall[authorize]: module "files" returns ok for request 1 >rlm_pap: WARNING! No "known good" password found for the user. >Authentication may fail because of this. > modcall[authorize]: module "pap" returns noop for request 1 >modcall: leaving group authorize (returns ok) for request 1 > rad_check_password: Found Auth-Type System >auth: type "System" > Processing the authenticate section of radiusd.conf >modcall: entering group authenticate for request 1 > modcall[authenticate]: module "unix" returns notfound for request 1 >modcall: leaving group authenticate (returns notfound) for request 1 >auth: Failed to validate the user. >Delaying request 1 for 1 seconds >Finished request 1 >Going to the next request >--- Walking the entire request list --- >Waking up in 1 seconds... >--- Walking the entire request list --- >Waking up in 1 seconds... >--- Walking the entire request list --- >Sending Access-Reject of id 123 to 127.0.0.1 port 50643 >Waking up in 4 seconds... >--- Walking the entire request list --- >Cleaning up request 1 ID 123 with timestamp 46ea9dec >Nothing to do. Sleeping until we see a request. > >My samba is ok , I get to authenticate this user by "ntlm_auth" command >line. > >Any Idea ? >Thanks, >Charles. > > > > > >Alan DeKok <[EMAIL PROTECTED]> >Enviado Por: [EMAIL PROTECTED] >14/09/2007 10:32 >Favor responder a FreeRadius users mailing list > > > Para: FreeRadius users mailing list > <[email protected]> > cc: > cco: Charles Alcantara Borba/COPEL > Assunto: Re: Configuring FreeRADIUS to use ntlm_auth > > >[EMAIL PROTECTED] wrote: >> After I configure the users file with "user Auth-Type := >> ntlm_auth" (for testing purposes only), my FreeRadius don´t start and >> show the followings errors: >> >> /usr/local/etc/raddb/users[1]: Parse error (check) for entry user: >> Unknown value ntlm_auth for attribute Auth-Type > > You also have to list "ntlm_auth" in the "authenticate" section. > > Alan DeKok. >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
