That copy and paste issue came quite often on the list. Maybe you (or someone else) should fix the documentation and send Inverse a patch...
FG On 2013-07-24 9:47 AM, Morris, Andi wrote: > > Apologies, I had missed a hyphen out of my mschap config in the > –nt-response section. > > Andi > > *From:*Morris, Andi [mailto:amor...@cardiffmet.ac.uk] > *Sent:* 24 July 2013 13:34 > *To:* packetfence-users@lists.sourceforge.net > *Subject:* [PacketFence-users] Freeradius ms-chap2 response incorrect > > Hi all, > > Recently upgraded to 4.0.3 but I’m struggling to get my authentication > to AD via FreeRadius working properly. I have followed the admin > guide, my ntlm_auth and radtest tests result in success. However using > the same username and password combo that I used in the ntlm_auth test > through freeradius results in rejection. > > I’ve attached a full debug output, but I think the key section is: > > # Executing group from file > /usr/local/pf/raddb//sites-enabled/packetfence-tunnel > > +- entering group authenticate {...} > > [eap] Request found, released from the list > > [eap] EAP/mschapv2 > > [eap] processing type mschapv2 > > [mschapv2] # Executing group from file > /usr/local/pf/raddb//sites-enabled/packetfence-tunnel > > [mschapv2] +- entering group MS-CHAP {...} > > [mschap] Creating challenge hash with username: sm18818 > > [mschap] Client is using MS-CHAPv2 for sm18818, we need NT-Password > > [mschap] expand: %{StrippedUser-Name} -> > > [mschap] ... expanding second conditional > > [mschap] expand: %{mschap:User-Name:-None} -> sm18818 > > [mschap] expand: > --username=%{%{StrippedUser-Name}:-%{mschap:User-Name:-None}} -> > --username=sm18818 > > [mschap] Creating challenge hash with username: sm18818 > > [mschap] expand: --challenge=%{mschap:Challenge:-00} -> > --challenge=9567501c765b1dc2 > > [mschap] expand: --ntresponse=%{mschap:NT-Response:-00} -> > --ntresponse=6c40a14ff7b01b9bfa31b93205cf5b5b1b72b2f6f666bcd6 > > Exec-Program output: Logon failure (0xc000006d) > > Exec-Program-Wait: plaintext: Logon failure (0xc000006d) > > Exec-Program: returned: 1 > > [mschap] External script failed. > > [mschap] FAILED: MS-CHAP2-Response is incorrect > > ++[mschap] returns reject > > [eap] Freeing handler > > ++[eap] returns reject > > Failed to authenticate the user. > > Login incorrect (mschap: External script says Logon failure > (0xc000006d)): [sm18818] (from client 192.168.142.13 port 13 cli > 00-26-b6-da-18-42 via TLS tunnel) > > } # server packetfence-tunnel > > [peap] Got tunneled reply code 3 > > MS-CHAP-Error = "\010E=691 R=1" > > EAP-Message = 0x04080004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > [peap] Got tunneled reply RADIUS code 3 > > MS-CHAP-Error = "\010E=691 R=1" > > EAP-Message = 0x04080004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > [peap] Tunneled authentication was rejected. > > [peap] FAILURE > > ++[eap] returns handled > > } # server packetfence > > Sending Access-Challenge of id 186 to 192.168.142.13 port 32769 > > EAP-Message = > 0x0109002b19001703010020705314f0ffe8f897bf6c27f2a93c5d4afdf6f8ad81814ea77b792be912103f62 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x61cb5e0967c247ae15acced8dd35559b > > Finished request 6. > > Can anybody on here advise or should I be posting this to the > Freeradius mailing list? > > Cheers, > > Andi > > ------------------------------------- > > Andi Morris > > IT Security Officer > Cardiff Metropolitan University > > T: 02920 205720 > E: amor...@cardiffmet.ac.uk <mailto:amor...@cardiffmet.ac.uk> > > -------------------------------------- > > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Francois Gaudreault Architecte de Solution Cloud | Cloud Solutions Architect fgaudrea...@cloudops.com 514-629-6775 - - - CloudOps 420 rue Guy Montréal QC H3J 1S6 www.cloudops.com @CloudOps_ ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
