Re: ntlm_auth fails for none domain

Thu, 01 Jul 2010 20:28:40 -0700 

Hi, 
It is the whole debug info. I think the problem is we could not get the default 
domain name "xjtu".
 
 
Listening on authentication address * port 1812
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.155.20.85 port 32807, id=118, 
length=125
 Service-Type = Authorize-Only
 NAS-Port-Type = Wireless-802.11
 User-Name = "hhe"
 MS-CHAP-Challenge = 0xd764c8cce93255c4478d7aa05d83f3ea
 MS-CHAP2-Response = 
0x9c00a2b7249b043e23cd2866211bff3783d60000000000000000924fed02a24dee7533a7b9af370e858e1b798d9151617838
 NAS-IP-Address = 10.155.20.85
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for hhe
[ldap]  expand: (sAMAccountName=%{mschap:User-Name}) -> (sAMAccountName=hhe)
[ldap]  expand: OU=Domain Controllers,dc=xjtu,dc=cn -> OU=Domain 
Controllers,dc=xjtu,dc=cn
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to 10.155.3.250:389, authentication 0
  [ldap] bind as [email protected]/w2006njh to 10.155.3.250:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in OU=Domain Controllers,dc=xjtu,dc=cn, with filter 
(sAMAccountName=hhe)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the 
user is configured correctly?
[ldap] user hhe authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for hhe with NT-Password
[mschap] No NT-Domain was found in the User-Name.

[mschap]  expand: --domain=%{mschap:NT-Domain:-xjtu} -> --domain=

[mschap]  expand: --username=%{mschap:User-Name:-None} -> --username=hhe
[mschap]  mschap2: d7
[mschap]  expand: --challenge=%{mschap:Challenge:-00} -> 
--challenge=cf5ba32b520debdd
[mschap]  expand: --nt-response=%{mschap:NT-Response:-00} -> 
--nt-response=924fed02a24dee7533a7b9af370e858e1b798d9151617838
Exec-Program output: No such user (0xc0000064) 
Exec-Program-Wait: plaintext: No such user (0xc0000064) 
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 118 to 10.155.20.85 port 32807
 MS-CHAP-Error = "\234E=691 R=1"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 118 with timestamp +33
Ready to process requests.
 


--- 10年7月1日,周四, Alan DeKok <[email protected]> 写道:


发件人: Alan DeKok <[email protected]>
主题: Re: ntlm_auth fails for none domain
收件人: "FreeRadius users mailing list" <[email protected]>
日期: 2010年7月1日,周四,下午2:02


John wrote:
> "xjtu" is our default domain, for users under this domain will only use
> username to authenticate to RADIUS. With 1.1.6, it will get "xjtu" as
> domain; But with 2.1.9, it will not, please see the debug info below.

  You have deleted nearly all of the debug information, including the
information we need to help you.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



      
Listening on authentication address * port 1812
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.155.20.85 port 32807, id=118, 
length=125
        Service-Type = Authorize-Only
        NAS-Port-Type = Wireless-802.11
        User-Name = "hhe"
        MS-CHAP-Challenge = 0xd764c8cce93255c4478d7aa05d83f3ea
        MS-CHAP2-Response = 
0x9c00a2b7249b043e23cd2866211bff3783d60000000000000000924fed02a24dee7533a7b9af370e858e1b798d9151617838
        NAS-IP-Address = 10.155.20.85
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for hhe
[ldap]  expand: (sAMAccountName=%{mschap:User-Name}) -> (sAMAccountName=hhe)
[ldap]  expand: OU=Domain Controllers,dc=xjtu,dc=cn -> OU=Domain 
Controllers,dc=xjtu,dc=cn
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to 10.155.3.250:389, authentication 0
  [ldap] bind as [email protected]/w2006njh to 10.155.3.250:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in OU=Domain Controllers,dc=xjtu,dc=cn, with filter 
(sAMAccountName=hhe)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the 
user is configured correctly?
[ldap] user hhe authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for hhe with NT-Password
[mschap] No NT-Domain was found in the User-Name.
[mschap]        expand: --domain=%{mschap:NT-Domain:-xjtu} -> --domain=
[mschap]        expand: --username=%{mschap:User-Name:-None} -> --username=hhe
[mschap]  mschap2: d7
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> 
--challenge=cf5ba32b520debdd
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> 
--nt-response=924fed02a24dee7533a7b9af370e858e1b798d9151617838
Exec-Program output: No such user (0xc0000064) 
Exec-Program-Wait: plaintext: No such user (0xc0000064) 
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 118 to 10.155.20.85 port 32807
        MS-CHAP-Error = "\234E=691 R=1"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 118 with timestamp +33
Ready to process requests.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to