On Dec 16, 2014, at 9:52 , Jeremy Plumley <jmplum...@gtcc.edu> wrote:
> I’m attempting to get a Packetfence server running that will handle our
> wireless users. I can authenticate with the localhost using the radtest and
> ntlm_auth just fine but when I try to connect from my secure ssid I just get
> a login failure message. Tried to modify my mschap file in modules with
> several different setups according to those I have seen on the forum with no
> luch. Below is the output I get from the “/usr/sbin/radiusd -d
> /usr/local/pf/raddb/ -X” command.
>
>
> Found Auth-Type = EAP
> # Executing group from file
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] # Executing group from file
> /usr/local/pf/raddb//sites-enabled/packetfence-tunnel
> [mschapv2] +group MS-CHAP {
> [mschap] Creating challenge hash with username: jmplumley
> [mschap] Client is using MS-CHAPv2 for jmplumley, we need NT-Password
> [mschap] expand: --username=%{mschap:User-Name} ->
> --username=jmplumley
> [mschap] Creating challenge hash with username: jmplumley
> [mschap] expand: %{mschap:Challenge} -> 67a25cfa5883c836
> [mschap] expand: --challenge=%{%{mschap:Challenge}:-00} ->
> --challenge=67a25cfa5883c836
> [mschap] expand: %{mschap:NT-Response} ->
> 5130eaca92c0db811c7d662d9ab9c6ae1c05bca8ab3f42cd
> [mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
> --nt-response=5130eaca92c0db811c7d662d9ab9c6ae1c05bca8ab3f42cd
> Exec output: Logon failure (0xc000006d)
> Exec plaintext: Logon failure (0xc000006d)
> [mschap] Exec: program returned: 1
> [mschap] External script failed.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] = reject
Hi Jeremy,
Your ntlm_auth is failing.
If this is a recent version of PacketFence, you should not have to modify
raddb/modules/mschap.
The provided version is fine.
Please test ntlm_auth as the user pf:
# su - pf
$ ntm_auth --username=jmplumley --challenge=67a25cfa5883c836
--nt-response=5130eaca92c0db811c7d662d9ab9c6ae1c05bca8ab3f42cd
What does that return?
Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
