Will have a look at it Cheers! dw.
-- Derek Wuelfrath dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2013-07-24, at 10:04 AM, Francois Gaudreault <fgaudrea...@cloudops.com> wrote: > That copy and paste issue came quite often on the list. > > Maybe you (or someone else) should fix the documentation and send > Inverse a patch... > > FG > > On 2013-07-24 9:47 AM, Morris, Andi wrote: >> >> Apologies, I had missed a hyphen out of my mschap config in the >> –nt-response section. >> >> Andi >> >> *From:*Morris, Andi [mailto:amor...@cardiffmet.ac.uk] >> *Sent:* 24 July 2013 13:34 >> *To:* packetfence-users@lists.sourceforge.net >> *Subject:* [PacketFence-users] Freeradius ms-chap2 response incorrect >> >> Hi all, >> >> Recently upgraded to 4.0.3 but I’m struggling to get my authentication >> to AD via FreeRadius working properly. I have followed the admin >> guide, my ntlm_auth and radtest tests result in success. However using >> the same username and password combo that I used in the ntlm_auth test >> through freeradius results in rejection. >> >> I’ve attached a full debug output, but I think the key section is: >> >> # Executing group from file >> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel >> >> +- entering group authenticate {...} >> >> [eap] Request found, released from the list >> >> [eap] EAP/mschapv2 >> >> [eap] processing type mschapv2 >> >> [mschapv2] # Executing group from file >> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel >> >> [mschapv2] +- entering group MS-CHAP {...} >> >> [mschap] Creating challenge hash with username: sm18818 >> >> [mschap] Client is using MS-CHAPv2 for sm18818, we need NT-Password >> >> [mschap] expand: %{StrippedUser-Name} -> >> >> [mschap] ... expanding second conditional >> >> [mschap] expand: %{mschap:User-Name:-None} -> sm18818 >> >> [mschap] expand: >> --username=%{%{StrippedUser-Name}:-%{mschap:User-Name:-None}} -> >> --username=sm18818 >> >> [mschap] Creating challenge hash with username: sm18818 >> >> [mschap] expand: --challenge=%{mschap:Challenge:-00} -> >> --challenge=9567501c765b1dc2 >> >> [mschap] expand: --ntresponse=%{mschap:NT-Response:-00} -> >> --ntresponse=6c40a14ff7b01b9bfa31b93205cf5b5b1b72b2f6f666bcd6 >> >> Exec-Program output: Logon failure (0xc000006d) >> >> Exec-Program-Wait: plaintext: Logon failure (0xc000006d) >> >> Exec-Program: returned: 1 >> >> [mschap] External script failed. >> >> [mschap] FAILED: MS-CHAP2-Response is incorrect >> >> ++[mschap] returns reject >> >> [eap] Freeing handler >> >> ++[eap] returns reject >> >> Failed to authenticate the user. >> >> Login incorrect (mschap: External script says Logon failure >> (0xc000006d)): [sm18818] (from client 192.168.142.13 port 13 cli >> 00-26-b6-da-18-42 via TLS tunnel) >> >> } # server packetfence-tunnel >> >> [peap] Got tunneled reply code 3 >> >> MS-CHAP-Error = "\010E=691 R=1" >> >> EAP-Message = 0x04080004 >> >> Message-Authenticator = 0x00000000000000000000000000000000 >> >> [peap] Got tunneled reply RADIUS code 3 >> >> MS-CHAP-Error = "\010E=691 R=1" >> >> EAP-Message = 0x04080004 >> >> Message-Authenticator = 0x00000000000000000000000000000000 >> >> [peap] Tunneled authentication was rejected. >> >> [peap] FAILURE >> >> ++[eap] returns handled >> >> } # server packetfence >> >> Sending Access-Challenge of id 186 to 192.168.142.13 port 32769 >> >> EAP-Message = >> 0x0109002b19001703010020705314f0ffe8f897bf6c27f2a93c5d4afdf6f8ad81814ea77b792be912103f62 >> >> Message-Authenticator = 0x00000000000000000000000000000000 >> >> State = 0x61cb5e0967c247ae15acced8dd35559b >> >> Finished request 6. >> >> Can anybody on here advise or should I be posting this to the >> Freeradius mailing list? >> >> Cheers, >> >> Andi >> >> ------------------------------------- >> >> Andi Morris >> >> IT Security Officer >> Cardiff Metropolitan University >> >> T: 02920 205720 >> E: amor...@cardiffmet.ac.uk <mailto:amor...@cardiffmet.ac.uk> >> >> -------------------------------------- >> >> >> >> ------------------------------------------------------------------------------ >> See everything from the browser to the database with AppDynamics >> Get end-to-end visibility with application monitoring from AppDynamics >> Isolate bottlenecks and diagnose root cause in seconds. >> Start your free trial of AppDynamics Pro today! >> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Francois Gaudreault > Architecte de Solution Cloud | Cloud Solutions Architect > fgaudrea...@cloudops.com > 514-629-6775 > - - - > CloudOps > 420 rue Guy > Montréal QC H3J 1S6 > www.cloudops.com > @CloudOps_ > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
