Problem solved: ntlm_auth of Samba 3.2.0 seems not to work with Freeradius 2.0.5. After downgrading Samba to 3.0.29 everything is fine again.
Dietmar

-------- Original Message --------
> Date: Mon, 07 Jul 2008 16:40:35 +0200
> From: [EMAIL PROTECTED]
> To: FreeRadius users mailing list <[email protected]>, [email protected]
> Subject: Re: EAP/peap: MSCHAP Success

> Hmm, it is in fact doing many access-challenges, but the one I have sent
> is the last one... There is no access-accept (and no reject).
>
> Dietmar
>
> -------- Original Message --------
> > Date: Mon, 07 Jul 2008 15:29:24 +0100
> > From: "Ivan Kalik" <[EMAIL PROTECTED]>
> > To: "FreeRadius users mailing list" <[email protected]>
> > Subject: Re: EAP/peap: MSCHAP Success
>
> > That's because it's doing EAP mschapv2 not plain mschap. It's normal
> > to get a couple more Challenge-Requests before the process is over.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
> > On 7/7/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> >
> > >Hello,
> > >
> > >I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems
> > >to authenticate successfully, but freeradius is sending another
> > >access-challenge instead of access-accept. Finally, authentication fails.
> > >
> > >Any ideas?
> > >
> > >Thanks,
> > > Dietmar
> > >
> > >rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323
> > >     User-Name = "xxxx"
> > >     Calling-Station-Id = "00-aa-aa-aa-aa-aa"
> > >     Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd"
> > >     NAS-Port = 29
> > >     NAS-IP-Address = x.x.x.x
> > >     NAS-Identifier = "xxxx"
> > >     Airespace-Wlan-Id = 1
> > >     Service-Type = Framed-User
> > >     Framed-MTU = 1300
> > >     NAS-Port-Type = Wireless-802.11
> > >     Tunnel-Type:0 = VLAN
> > >     Tunnel-Medium-Type:0 = IEEE-802
> > >     Tunnel-Private-Group-Id:0 = "111"
> > >     EAP-Message = 0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc
> > >     State = 0x7641829c70499b7e3361ddd3f9666230
> > >     Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165
> > >+- entering group authorize
> > >++[preprocess] returns ok
> > >++[mschap] returns noop
> > > rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL
> > > rlm_realm: No such realm "NULL"
> > >++[suffix] returns noop
> > > rlm_eap: EAP packet type response id 8 length 144
> > > rlm_eap: Continuing tunnel setup.
> > >++[eap] returns ok
> > > rad_check_password: Found Auth-Type EAP
> > >auth: type "EAP"
> > >+- entering group authenticate
> > > rlm_eap: Request found, released from the list
> > > rlm_eap: EAP/peap
> > > rlm_eap: processing type peap
> > > rlm_eap_peap: Authenticate
> > > rlm_eap_tls: processing TLS
> > > eaptls_verify returned 7
> > > rlm_eap_tls: Done initial handshake
> > > eaptls_process returned 7
> > > rlm_eap_peap: EAPTLS_OK
> > > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > > rlm_eap_peap: EAP type mschapv2
> > > PEAP: Setting User-Name to yyyy\xxxx
> > >+- entering group authorize
> > >++[preprocess] returns ok
> > >++[mschap] returns noop
> > > rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL
> > > rlm_realm: No such realm "NULL"
> > >++[suffix] returns noop
> > > rlm_eap: EAP packet type response id 8 length 73
> > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > >++[eap] returns updated
> > > users: Matched entry DEFAULT at line 1
> > > users: Matched entry DEFAULT at line 460
> > >++[files] returns ok
> > >++[expiration] returns noop
> > >++[logintime] returns noop
> > >rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
> > >++[pap] returns noop
> > > rad_check_password: Found Auth-Type EAP
> > >auth: type "EAP"
> > >+- entering group authenticate
> > > rlm_eap: Request found, released from the list
> > > rlm_eap: EAP/mschapv2
> > > rlm_eap: processing type mschapv2
> > >+- entering group MS-CHAP
> > > rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
> > > rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
> > > rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password
> > > expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy
> > > expand: --username=%{mschap:User-Name:-None} -> --username=xxxx
> > > mschap2: b0
> > > expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8fc3f2bd3e12c979
> > > expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064
> > >Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694
> > >Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694
> > >Exec-Program: returned: 0
> > >rlm_mschap: adding MS-CHAPv2 MPPE keys
> > >++[mschap] returns ok
> > >MSCHAP Success
> > >++[eap] returns handled
> > > PEAP: Got tunneled Access-Challenge
> > >++[eap] returns handled
> > >Sending Access-Challenge of id 29 to x.x.x.x port 32770
> > >     EAP-Message = 0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed
> > >     Message-Authenticator = 0x00000000000000000000000000000000
> > >     State = 0x7641829c71489b7e3361ddd3f9666230
> > >Finished request 17.
> > >-
> > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
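
An added example, not part of the original thread and not FreeRADIUS code: a small Python parser for `radiusd -X` debug output like the log quoted above. It reports, per request, whether ntlm_auth exited 0 with an NT_KEY, whether the inner "MSCHAP Success" was logged, and which reply was sent, so that a conversation ending on an Access-Challenge after MSCHAP Success (the symptom reported here) stands out. The function names and the embedded sample, abbreviated from the quoted log, are assumptions of this example.

```python
import re

# Constructed sample: lines abbreviated from the debug output quoted in the
# thread above, mail quote markers included.
SAMPLE = """\
> > >rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323
> > > rlm_eap: EAP/mschapv2
> > >Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694
> > >Exec-Program: returned: 0
> > >MSCHAP Success
> > > PEAP: Got tunneled Access-Challenge
> > >Sending Access-Challenge of id 29 to x.x.x.x port 32770
> > >Finished request 17.
"""

START = re.compile(r"rad_recv: Access-Request .*id=(\d+)")
REPLY = re.compile(r"Sending (Access-\w+) of id \d+")

def summarize(log):
    """Return one dict per Access-Request found in the debug output."""
    requests, cur = [], None
    for line in log.splitlines():
        s = re.sub(r"^[>\s]+", "", line).rstrip()  # drop quote markers/indent
        m = START.match(s)
        if m:
            cur = {"id": int(m.group(1)), "ntlm_rc": None, "nt_key": False,
                   "mschap_success": False, "reply": None}
            requests.append(cur)
        elif cur is None:
            continue
        elif s.startswith("Exec-Program: returned:"):
            cur["ntlm_rc"] = int(s.rsplit(":", 1)[1])  # ntlm_auth exit code
        elif "NT_KEY:" in s:
            cur["nt_key"] = True
        elif s == "MSCHAP Success":
            cur["mschap_success"] = True
        elif REPLY.match(s):
            cur["reply"] = REPLY.match(s).group(1)
    return requests

def diagnose(requests):
    """Classify the conversation by the reply to its last request."""
    if not requests:
        return "no requests"
    if requests[-1]["reply"] in ("Access-Accept", "Access-Reject"):
        return requests[-1]["reply"]
    if any(r["mschap_success"] for r in requests):
        return "no final reply after inner MSCHAP Success"
    return "still negotiating"

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```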

