On 11/22/2013 05:53 PM, Johnson, Neil M wrote:
> We are using AuthByLSA and EAP/PEAP/MSCHAPv2 for wireless authentication.
>
> The only message we see in our AuthLog when a user is either
> non-existent or has a bad password is:
> Nov 22 03:33:13 itsnt552.iowa.uiowa.edu c: \Perl64\bin\radiusd[2056]: 03:33:13 | A0-F4-50-AF-8A-76 | [email protected] | FAIL: EAP MSCHAP V2 failed: no such user [email protected] | | NAS-IP 128.255.11.136
>
> However right before the AuthLog message we get the following Trace 2
> message Logged.
> Nov 22 03:33:13 itsnt552.iowa.uiowa.edu c: \Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 0, Logon failure: unknown user name or bad password.#015

Hello Neil,

the status (return) value from the logon call is 3221225581, or 0xC000006D in hex. The MS NTSTATUS list: http://msdn.microsoft.com/en-us/library/cc704588.aspx tells: '... bad username or authentication information.'

The substatus code in the error message is 0. If you look at the error logs, do you see different values for status and substatus values? For example, 0xC000006D and 0xC0000064 for 'bad username or authentication information' and 'no such user'.

> Is there a way to differentiate between "unknown user name" and "bad
> password" in the logs.

The logon call returns just status, and substatus can be fetched separately, so the two values in the log message are the only information available. However, you may want to check if the values change based on the real reason, such as bad password or non-existing user.

> It would help us track down users with misconfigured wireless devices.

Please let us know if the above helps. It may depend on the Windows environment, so I cannot tell for sure what the status codes will tell.

Thanks,
Heikki

-- 
Heikki Vatiainen <[email protected]>
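
Added example, not part of the original thread and not Radiator code: a small triage script that decodes the status and substatus pair from the `Could not LogonUserNetworkMSCHAP (V2)` Trace line and reports whether the log can separate an unknown user from a bad password. It assumes both values are logged in decimal in the order shown in the quoted line; the sample lines with a non-zero substatus are constructed.

```python
import re

# NTSTATUS values from Microsoft's published NTSTATUS list.
NTSTATUS = {
    0xC0000064: ("STATUS_NO_SUCH_USER", "unknown-user"),
    0xC000006A: ("STATUS_WRONG_PASSWORD", "bad-password"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "ambiguous"),
    0xC0000072: ("STATUS_ACCOUNT_DISABLED", "account-disabled"),
    0xC0000234: ("STATUS_ACCOUNT_LOCKED_OUT", "account-locked"),
}

# Assumed layout: "<status>, <substatus>, <text>", both numbers in decimal,
# as in the Trace line quoted in the thread.
TRACE_RE = re.compile(r"Could not LogonUserNetworkMSCHAP \(V2\): (\d+), (\d+), ")


def classify(line):
    """Return (status_hex, substatus_hex, name, reason), or None if no match."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    status, substatus = int(m.group(1)), int(m.group(2))
    # A non-zero substatus carries the specific cause; otherwise only the
    # generic status is available and the two cases cannot be told apart.
    code = substatus if substatus else status
    name, reason = NTSTATUS.get(code, ("UNLISTED", "unclassified"))
    return ("0x%08X" % status, "0x%08X" % substatus, name, reason)


# Constructed sample lines. The first uses the values quoted in the thread;
# the second and third assume a host that does report a substatus.
PREFIX = "radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): "
SAMPLES = [
    PREFIX + "3221225581, 0, Logon failure: unknown user name or bad password.#015",
    PREFIX + "3221225581, 3221225572, Logon failure: unknown user name or bad password.#015",
    PREFIX + "3221225581, 3221225578, Logon failure: unknown user name or bad password.#015",
    "radiusd[2056]: 03:33:13 | FAIL: EAP MSCHAP V2 failed: no such user",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

With the values from the quoted log line (substatus 0) the result is `ambiguous`, which matches the reply: the cause can be distinguished only if the Windows environment returns a non-zero substatus.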
