> > root@FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D6650564 > > --password=Pa$$w0rd > > NT_STATUS_OK: Success (0x0) > > root@FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D670F3A6 > > --password=Pa$$w0rd > > NT_STATUS_OK: Success (0x0) > > root@FREERADIUS:/etc/freeradius# ntlm_auth --username=0024D6650564 > > --password=Pa$$w0rd > > NT_STATUS_OK: Success (0x0) > > > > The password Pa$$w0rd is set in the Wireless Controller, if > thats what you > > mean by mschap client?
May I suggest two things: 1) I'm assuming that the password is not actually 'Pa$$w0rd', but that string reminds me that certain special characters - the dollar sign is a notable one - are not always handled correctly in password strings. Even if FreeRADIUS is handling it correctly, AD may not, and the wireless controller may not. I suggest setting the password to something simpler. If your password policy requires special characters, use dash, equals, underscore, or dot. I have used passwords with these characters successfully when authenticating via EAP/PEAP through FreeRADIUS and then on through MSCHAPv2 to AD via ntlm_auth. (Same chain as you.) 2) Even if you are confident that your real password's characters are not a problem, re-enter it on the wireless controller, MANUALLY. You may have accidentally entered an unprintable character or a space or some similar thing that causes the password to APPEAR to be correct, when in fact it doesn't match. --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
