When I entered the command that you suggested on the PacketFence/FreeRadius
server, I got this:
[root@pfcv sbin]# ntlm_auth --username=LT-T430-3\$
--challenge=4ab096b446376d5f
--ntresponse=4df85dd62db46ee5bef1aa07fe499e87fc16eca72bd529e7
Logon failure (0xc000006d)
Contents of mschp are below:
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --ntresponse=%{mschap:NT-Response:-00}"
}
From: Louis Munro [mailto:[email protected]]
Sent: Tuesday, August 12, 2014 3:44 PM
To: [email protected]
Subject: Re: [PacketFence-users] "No trusted SAM account"
Sorry If I am a bit late to the party, but have you reproduced the issue
precisely the same way FreeRADIUS is trying to authenticate that machine?
I.e:
If FR says the following:
[mschap] Creating challenge hash with username:
host/LT-T430-3.omni.imsweb.com<http://lt-t430-3.omni.imsweb.com/>
[mschap] Client is using MS-CHAPv2 for
host/LT-T430-3.omni.imsweb.com<http://lt-t430-3.omni.imsweb.com/>, we need
NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{mschap:User-Name:-None} -> LT-T430-3$
[mschap] expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
--username=LT-T430-3$
[mschap] Creating challenge hash with username:
host/LT-T430-3.omni.imsweb.com<http://lt-t430-3.omni.imsweb.com/>
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=4ab096b446376d5f
[mschap] expand: --ntresponse=%{mschap:NT-Response:-00} ->
--ntresponse=4df85dd62db46ee5bef1aa07fe499e87fc16eca72bd529e7
Then do:
# ntlm_auth --username=LT-T430-3\$ --challenge=4ab096b446376d5f
--ntresponse=4df85dd62db46ee5bef1aa07fe499e87fc16eca72bd529e7
Same goes for user authentication.
Also, please show us the contents of your /usr/local/pf/raddb/modules/mschap.
--
Louis Munro
[email protected]<mailto:[email protected]> ::
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
________________________________
Information in this e-mail may be confidential. It is intended only for the
addressee(s) identified above. If you are not the addressee(s), or an employee
or agent of the addressee(s), please note that any dissemination, distribution,
or copying of this communication is strictly prohibited. If you have received
this e-mail in error, please notify the sender of the error.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
