Re: Freeradius + AD2003 Authentication ERROR - Help please !

2007-04-13 Thread Jacob Jarick
OK, will try another user. Thanks again for the tips, Alan.

On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
> Jacob Jarick wrote:
> > I start the wireless connection on XP, enter in user and password,
> > freeradius runs the ntlm_auth command but then it spits out this
> > huge message. It's so big the terminal's buffer isn't big enough, but
> > I have copied and pasted everything I can.
>
> $ script logfile
> $ radiusd -X
> ...
> $ exit
> $ more logfile
>
> > SSL ERROR:
> >
> >    (other): SSL negotiation finished successfully
> > rlm_eap: SSL error error::lib(0):func(0):reason(0)
>
>   That's fixed in 1.1.6.  It's not an error, it just logs too much
> information.
>
> > Failure to validate user:
> >
> > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=
> > --username=Administrator --challenge=bb4c397988ae6ebc
> > --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
> > Exec-Program output: No such user (0xc064)
> > Exec-Program-Wait: plaintext: No such user (0xc064)
>
>   The ntlm_auth program returns that there's no such user.
>
>   Maybe you should try testing with a user other than Administrator.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Freeradius + AD2003 Authentication ERROR - Help please !

2007-04-12 Thread Jacob Jarick
Me again guys, I have adjusted my config files etc. (see links below),
but now I'm stuck on this new error and it has me a bit baffled.

Freeradius 1.1.3
smb.conf http://pastebin.ca/437671
radius.conf http://pastebin.ca/437670
clients.conf http://pastebin.ca/437668
eap.conf http://pastebin.ca/437667
krb5.conf http://pastebin.ca/437666

I start the wireless connection on XP, enter in user and password,
freeradius runs the ntlm_auth command but then it spits out this
huge message. It's so big the terminal's buffer isn't big enough, but
I have copied and pasted everything I can.

Error highlights (stuff that I think may be causing issues).

SSL ERROR:

   (other): SSL negotiation finished successfully
rlm_eap: SSL error error::lib(0):func(0):reason(0)

Failure to validate user:

Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=
--username=Administrator --challenge=bb4c397988ae6ebc
--nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
Exec-Program output: No such user (0xc064)
Exec-Program-Wait: plaintext: No such user (0xc064)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module mschap returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module eap returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.

PEAP Failure:

  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE


[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radiusd
 main: group = radiusd
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = (null)
 mschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = /etc/shadow
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /etc/raddb/certs/cert-srv.pem
 tls: certificate_file = /etc/raddb/certs/cert-srv.pem
 tls: CA_file = 

Re: Freeradius + AD2003 Authentication ERROR - Help please !

2007-04-12 Thread Alan DeKok
Jacob Jarick wrote:
> I start the wireless connection on XP, enter in user and password,
> freeradius runs the ntlm_auth command but then it spits out this
> huge message. It's so big the terminal's buffer isn't big enough, but
> I have copied and pasted everything I can.

$ script logfile
$ radiusd -X
...
$ exit
$ more logfile

> SSL ERROR:
>
>    (other): SSL negotiation finished successfully
> rlm_eap: SSL error error::lib(0):func(0):reason(0)

  That's fixed in 1.1.6.  It's not an error, it just logs too much
information.

> Failure to validate user:
>
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=
> --username=Administrator --challenge=bb4c397988ae6ebc
> --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
> Exec-Program output: No such user (0xc064)
> Exec-Program-Wait: plaintext: No such user (0xc064)

  The ntlm_auth program returns that there's no such user.

  Maybe you should try testing with a user other than Administrator.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
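
Added example, not part of the original thread or of FreeRADIUS: a small Python triage script for a `radiusd -X` capture made with `script logfile` as suggested above. It rejoins the wrapped `ntlm_auth` command line, pairs it with its output and return code, and reports the empty `--domain=` and the failure seen in this thread; the function names and `SAMPLE_LOG` (copied from the excerpt on this page) are this example's own.

```python
import shlex

# Excerpt of the radiusd -X output quoted in this thread, wrapped as on the page.
SAMPLE_LOG = """\
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=
--username=Administrator --challenge=bb4c397988ae6ebc
--nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
Exec-Program output: No such user (0xc064)
Exec-Program-Wait: plaintext: No such user (0xc064)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
"""
REDACT = {"--challenge", "--nt-response"}  # keep these out of the report

def parse_ntlm_auth_calls(log_text):
    """Return one dict per ntlm_auth invocation found in radiusd -X output."""
    calls, cur, in_cmd = [], None, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("Exec-Program: returned:") and cur:
            cur["returned"], in_cmd = int(line.rsplit(":", 1)[1]), False
        elif line.startswith("Exec-Program output:") and cur:
            cur["output"], in_cmd = line.split(":", 1)[1].strip(), False
        elif line.startswith("Exec-Program: "):
            in_cmd = "ntlm_auth" in line  # ignore other exec'd programs
            cur = {"cmd": line.split(": ", 1)[1], "output": None,
                   "returned": None} if in_cmd else None
            calls += [cur] if cur else []
        elif in_cmd and line.startswith("--"):
            cur["cmd"] += " " + line  # wrapped continuation of the command line
        else:
            in_cmd = False
    for call in calls:
        opts = {}
        for tok in shlex.split(call.pop("cmd"))[1:]:
            name, _, value = tok.partition("=")
            opts[name] = "<redacted>" if name in REDACT else value
        call["opts"] = opts
    return calls

def findings(call):
    """Turn one parsed call into observations for the operator."""
    notes = []
    if call["opts"].get("--domain") == "":
        notes.append("--domain= is empty")
    if call["returned"]:
        notes.append("ntlm_auth returned %d for %s: %s" % (
            call["returned"], call["opts"].get("--username"), call["output"]))
    return notes

if __name__ == "__main__":
    print([findings(c) for c in parse_ntlm_auth_calls(SAMPLE_LOG)])
```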