I found my problem. From Andrew Bartlett himself: "This is not supported against NT4. Only Samba 3.0.21rc1 and AD support this extra flag." To do machine authentication with freeradius, your workstation (supplicant) and samba server must be a member of a 2000/2003 domain. I had the supplicant and samba server still a member of the nt4 domain. Once I changed this, it worked great. We're still in the middle of a migration from nt4 to 2003 and all accounts still authenticate fine.

Thanks for everyone's help!!!!!!

jamie

>>> [EMAIL PROTECTED] 11/18/2005 12:16:43 PM >>>
Make sure you used the rlm_MSchap module from the snapshot, not the rlm_chap module. They're different.

--Mike

Jamie Crawford wrote:
> Hi,
> I am trying to get machine authentication working with freeradius. I
> have patched the samba code and freeradius code. But am getting this
> error when the machine tries to authenticate. I patched the rlm_chap
> module by taking last night's cvs snapshot and copying over the rlm_chap
> folder overwriting the contents of the same folder in the
> freeradius-1.0.5 release and recompiling. I see that it is trying to
> pass the username as "host/IS--000031176". I thought the updated
> rlm_mschap was supposed to strip the "host/" part of the username. Do
> I need to create a realm to strip the "host/"?
> Any help would be appreciated!!!
> Thanks,
> jamie
>
>
> make clean
>
> ./configure --configure --with-raddbdir=/etc/radius
> --with-logdir=/var/log/radius --disable-snmp --without-rlm_sql
> --without-rlm_ldap --without-rlm_krb5
>
> make
>
> make install
>
> modcall: entering group Auth-Type for request 6
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for host/IS--000031176 with
> NT-Password
> radius_xlat: Running registered xlat function of module mschap for
> string 'User-Name'
> radius_xlat: Running registered xlat function of module mschap for
> string 'Challenge'
> mschap2: d3
> radius_xlat: Running registered xlat function of module mschap for
> string 'NT-Response'
> radius_xlat: '/usr/bin/ntlm_auth --domain= --request-nt-key
> --username=host/IS--000031176 --challenge=12345ce0768615e
> --nt-response=123456f1011a2f799b5d62e04ba
> d8bb39719fa48c3d11299e'
> Exec-Program: /usr/bin/ntlm_auth --domain= --request-nt-key
> --username=host/IS--000031176 --challenge=123453ce0768615e
> --nt-response=12345f1011a2f799b5d62e04bad8bb39719fa48c3d11299e
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
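
Added example, not part of the original thread and not FreeRADIUS or Samba code: a small triage script for debug output like the log quoted above, which pulls out each `ntlm_auth` call and reports whether the username still carries the `host/` prefix, whether `--domain=` was empty, and the NT status returned. The function name `triage` and the sample log (with placeholder challenge and response values) are constructed for illustration.

```python
import re

# Constructed sample modelled on the debug log in the thread; the challenge
# and response values are placeholders, not real captures.
SAMPLE_LOG = """\
rlm_mschap: Told to do MS-CHAPv2 for host/IS--000031176 with NT-Password
Exec-Program: /usr/bin/ntlm_auth --domain= --request-nt-key
--username=host/IS--000031176 --challenge=0011223344556677
--nt-response=00112233445566778899aabbccddeeff0011223344556677
Exec-Program output: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
"""

NT_STATUS = {0xC000006D: "STATUS_LOGON_FAILURE"}  # the one code the thread shows

def triage(log_text):
    """Summarise each ntlm_auth call (hypothetical helper, not FreeRADIUS code)."""
    joined = []
    for raw in log_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quoting
        if joined and line.startswith("--"):          # re-join wrapped arguments
            joined[-1] += " " + line
        else:
            joined.append(line)
    calls = []
    for line in joined:
        m = re.match(r"Exec-Program: \S*ntlm_auth\s+(.*)", line)
        if m:
            args = dict(re.findall(r"--([\w-]+)=(\S*)", m.group(1)))
            user = args.get("username", "")
            calls.append({"username": user,
                          "machine_account": user.startswith("host/"),
                          "domain_empty": args.get("domain") == "",
                          "status": None, "exit": None})
        elif calls:
            m = re.match(r"Exec-Program output: .*\((0x[0-9a-fA-F]+)\)", line)
            if m:
                code = int(m.group(1), 16)
                calls[-1]["status"] = NT_STATUS.get(code, hex(code))
            m = re.match(r"Exec-Program: returned: (\d+)", line)
            if m:
                calls[-1]["exit"] = int(m.group(1))
    return calls

if __name__ == "__main__":
    for call in triage(SAMPLE_LOG):
        print(call)
```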
