Hi, I am stumped! I have implemented samba and MSCHAPv2 and everything works when running as user root. (Winbindd and radiator running as root.) But I need to run the radiator process as user "radiator". I also had to install samba in an alternate directory.
So – when running radiator and winbindd as "root" everything works, including ntlm_auth from the command line and also MSCHAPv2 connections through radiator. When running radiator and winbindd as user "radiator", ntlm_auth from the command line works but the MSCHAPv2 connection through radiator fails. The log file looks like this:

Mon Oct 31 10:50:03 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP=1, Client-Identifier=RRSec', Identifier ''
Mon Oct 31 10:50:03 2011: DEBUG: Deleting session for anonymous, 132.236.115.218, 1
Mon Oct 31 10:50:03 2011: DEBUG: Handling with Radius::AuthNTLM: NTLM_Auth
Mon Oct 31 10:50:03 2011: DEBUG: Handling with EAP: code 2, 12, 71, 26
Mon Oct 31 10:50:03 2011: DEBUG: Response type 26
Mon Oct 31 10:50:03 2011: DEBUG: Radius::AuthNTLM looks for match with jv11 [anonymous]
Mon Oct 31 10:50:03 2011: DEBUG: Radius::AuthNTLM ACCEPT: : jv11 [anonymous]
Mon Oct 31 10:50:03 2011: INFO: Starting NtlmAuthProg: /app/radius/samba/bin/ntlm_auth --helper-protocol=ntlm-server-1
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute Request-User-Session-Key: Yes
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute LANMAN-Challenge: 127b94af6efbf1ef
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute NT-Response: 58275ba370f360657e0867e1d41f6412d8d07dd50e7a503b
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute NT-Domain:: Q09STkVMTA==
Mon Oct 31 10:50:03 2011: DEBUG: Passing attribute Username:: anYxMQ==
Mon Oct 31 10:50:03 2011: DEBUG: Received attribute: Authenticated: No
Mon Oct 31 10:50:03 2011: DEBUG: Received attribute: Authentication-Error: Reading winbind reply failed!
Mon Oct 31 10:50:03 2011: DEBUG: Received attribute: .
Mon Oct 31 10:50:03 2011: WARNING: NTLM Could not authenticate user: Reading winbind reply failed!
Mon Oct 31 10:50:03 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Mon Oct 31 10:50:03 2011: DEBUG: AuthBy NTLM result: REJECT, EAP MSCHAP-V2 Authentication failure
Mon Oct 31 10:50:03 2011: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
Mon Oct 31 10:50:04 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <148>#<161>(<30><143><169><10><226><242>!<251>L<186><215><184>
Attributes:
	EAP-Message = <4><12><0><4>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Reply-Message = "Request Denied"
	Session-Timeout = 28800

As user radiator, this works:

/app/radius/samba/bin/ntlm_auth --request-nt-key --domain=CORNELL --username=jv11 --password=xxxxxxxxxx
doing parameter log file = /app/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter winbind enum groups = yes
doing parameter winbind enum users = yes
doing parameter winbind use default domain = yes
doing parameter winbind nested groups = yes
doing parameter dns proxy = no
pm_process() returned Yes
NT_STATUS_OK: Success (0x0)

I have ntlm_auth set up as a script so that the proper libraries can be found, so the contents of /app/radius/samba/bin/ntlm_auth are:

#!/bin/sh
export LD_LIBRARY_PATH=/app/radius/samba/lib
exec /app/radius/samba/bin/ntlm_auth.real "$@"

Similar setup for the other samba executables winbindd, wbinfo and net.

I had to make sure that radiator is running the correct version of ntlm_auth, and used this in the radius config file:

NtlmAuthProg /app/radius/samba/bin/ntlm_auth --helper-protocol=ntlm-server-1

I used this configure command for building samba:

./configure --prefix=/app/radius/samba/ --with-configdir=/app/radius/samba/conf --with-privatedir=/app/radius/samba/private --disable-cups --with-ads --with-ldap

and in /app/radius/samba/conf I have the krb5.conf file and the smb.conf file.

I am changing the owner:group of these files when running as user radiator:

/app/log/samba/*
/app/radius/samba/var/*
/tmp/.win*

But I must be missing something somewhere!! What is it, any ideas?

Thanks in advance-
Joy
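The ntlm-server-1 exchange that Radiator performs in the log above, as an added Python reproducer (not code from the post, Radiator or Samba): it builds the same attribute lines, feeds them to ntlm_auth on stdin and parses the reply, so the failing helper path can be run directly as user radiator and compared with the result as root. The helper path and attribute values are taken from the post; the base64 "::" convention for text attributes follows what the log shows.

```python
import base64
import subprocess

# Constructed sample request: attribute names and values copied from the
# Radiator log in the post. The challenge/response is a one-time value, so
# replaying it only reproduces the helper exchange, it cannot authenticate.
SAMPLE_REQUEST = {
    "Request-User-Session-Key": "Yes",
    "Request-LanMan-Session-Key": "Yes",
    "LANMAN-Challenge": "127b94af6efbf1ef",
    "NT-Response": "58275ba370f360657e0867e1d41f6412d8d07dd50e7a503b",
    "NT-Domain": "CORNELL",
    "Username": "jv11",
}
# Text attributes go base64 encoded as "Name:: <b64>", as the log shows.
BASE64_ATTRS = {"NT-Domain", "Username"}

def build_request(attrs):
    """Render one ntlm-server-1 request: 'Name: value' lines, then a lone '.'."""
    lines = []
    for name, value in attrs.items():
        if name in BASE64_ATTRS:
            lines.append(f"{name}:: {base64.b64encode(value.encode()).decode()}")
        else:
            lines.append(f"{name}: {value}")
    lines.append(".")
    return "\n".join(lines) + "\n"

def parse_reply(text):
    """Parse the helper reply up to its '.' terminator, decoding '::' values."""
    reply = {}
    for line in text.splitlines():
        if line == ".":
            break
        if ":: " in line:
            name, b64 = line.split(":: ", 1)
            reply[name] = base64.b64decode(b64).decode(errors="replace")
        elif ": " in line:
            name, value = line.split(": ", 1)
            reply[name] = value
    return reply

def run_helper(attrs, helper="/app/radius/samba/bin/ntlm_auth"):
    """Drive ntlm_auth exactly as Radiator's NtlmAuthProg line does; run it as
    user radiator and as root and diff the two replies."""
    proc = subprocess.run([helper, "--helper-protocol=ntlm-server-1"],
                          input=build_request(attrs), capture_output=True,
                          text=True, check=False)
    return parse_reply(proc.stdout)
```

Running `run_helper(SAMPLE_REQUEST)` under both accounts isolates whether the difference lies in the helper's own environment (library path, config dir) or in what winbindd lets the unprivileged caller read.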
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator