Re: Freeradius + AD2003 Authentication ERROR - Help please !
OK, will try another user. Thanks again for the tips, Alan.

On 4/13/07, Alan DeKok [EMAIL PROTECTED] wrote:
> Jacob Jarick wrote:
> > I start the wireless connection on XP, enter in user and password,
> > freeradius runs the ntlm_auth command but then it spits out this huge
> > message. It's so big the terminal's buffer isn't big enough, but I have
> > copied and pasted everything I can.
>
>   $ script logfile
>   $ radiusd -X
>   ...
>   $ exit
>   $ more logfile
>
> > SSL ERROR: (other): SSL negotiation finished successfully
> > rlm_eap: SSL error error::lib(0):func(0):reason(0)
>
>   That's fixed in 1.1.6. It's not an error, it just logs too much
>   information.
>
> > Failure to validate user:
> > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain= --username=Administrator --challenge=bb4c397988ae6ebc --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
> > Exec-Program output: No such user (0xc064)
> > Exec-Program-Wait: plaintext: No such user (0xc064)
>
>   The ntlm_auth program returns that there's no such user. Maybe you
>   should try testing with a user other than Administrator.
>
>   Alan DeKok.
> --
>   http://deployingradius.com - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius + AD2003 Authentication ERROR - Help please !
Me again guys,

I have adjusted my config files etc. (see links below), but now I'm stuck on this new error and it has me a bit baffled.

Freeradius 1.1.3

smb.conf http://pastebin.ca/437671
radius.conf http://pastebin.ca/437670
clients.conf http://pastebin.ca/437668
eap.conf http://pastebin.ca/437667
krb5.conf http://pastebin.ca/437666

I start the wireless connection on XP, enter in user and password, freeradius runs the ntlm_auth command but then it spits out this huge message. It's so big the terminal's buffer isn't big enough, but I have copied and pasted everything I can.

Error highlights (stuff that I think may be causing issues).

SSL ERROR: (other): SSL negotiation finished successfully
rlm_eap: SSL error error::lib(0):func(0):reason(0)

Failure to validate user:

Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain= --username=Administrator --challenge=bb4c397988ae6ebc --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
Exec-Program output: No such user (0xc064)
Exec-Program-Wait: plaintext: No such user (0xc064)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module eap returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.

PEAP Failure:

PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE

[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = (null)
mschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = /etc/shadow
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = peap
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = /etc/raddb/certs/cert-srv.pem
tls: certificate_file = /etc/raddb/certs/cert-srv.pem
tls: CA_file =
Re: Freeradius + AD2003 Authentication ERROR - Help please !
Jacob Jarick wrote:
> I start the wireless connection on XP, enter in user and password,
> freeradius runs the ntlm_auth command but then it spits out this huge
> message. It's so big the terminal's buffer isn't big enough, but I have
> copied and pasted everything I can.

  $ script logfile
  $ radiusd -X
  ...
  $ exit
  $ more logfile

> SSL ERROR: (other): SSL negotiation finished successfully
> rlm_eap: SSL error error::lib(0):func(0):reason(0)

  That's fixed in 1.1.6. It's not an error, it just logs too much
  information.

> Failure to validate user:
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain= --username=Administrator --challenge=bb4c397988ae6ebc --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
> Exec-Program output: No such user (0xc064)
> Exec-Program-Wait: plaintext: No such user (0xc064)

  The ntlm_auth program returns that there's no such user. Maybe you
  should try testing with a user other than Administrator.

  Alan DeKok.
--
  http://deployingradius.com - The web site of the book
  http://deployingradius.com/blog/ - The blog
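
Added example, not part of the original thread and not FreeRADIUS code: a Python script for a log captured with `script logfile` as described above. It pairs each ntlm_auth call with its output and exit status, lists options that were expanded to an empty value, and masks the challenge and response so the summary can be shared. The sample log is constructed from the lines quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample: the radiusd -X lines quoted in this thread.
SAMPLE_LOG = """\
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain= --username=Administrator --challenge=bb4c397988ae6ebc --nt-response=4a7cd9abdfc2f92680c182845a937f4beb6646c4cddd7de1
Exec-Program output: No such user (0xc064)
Exec-Program-Wait: plaintext: No such user (0xc064)
Exec-Program: returned: 1
rlm_mschap: External script failed.
"""

SECRET_ARGS = {"challenge", "nt-response"}   # masked before the summary is shared
CMD = re.compile(r"^Exec-Program: (/\S*ntlm_auth\b.*)$")
OUT = re.compile(r"^Exec-Program output: (.*)$")
RET = re.compile(r"^Exec-Program: returned: (-?\d+)$")


def parse_args(cmdline):
    """Split a logged ntlm_auth command line into {option: value}."""
    args = {}
    for tok in cmdline.split()[1:]:          # plain whitespace split, no shell quoting
        key, eq, val = tok.lstrip("-").partition("=")
        if not eq:
            args[key] = None                 # bare flag such as --request-nt-key
        else:
            args[key] = "<masked>" if key in SECRET_ARGS and val else val
    return args


def triage(log_text):
    """Return the ntlm_auth calls that exited non-zero, with their output."""
    calls, cur = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := CMD.match(line):
            cur = {"args": parse_args(m.group(1)), "output": None, "status": None}
            calls.append(cur)
        elif cur and (m := OUT.match(line)):
            cur["output"] = m.group(1)
        elif cur and (m := RET.match(line)):
            cur["status"] = int(m.group(1))
            # Options that reached ntlm_auth with nothing after the '='.
            cur["empty"] = sorted(k for k, v in cur["args"].items() if v == "")
            cur = None
    return [c for c in calls if c["status"] not in (0, None)]


if __name__ == "__main__":
    for call in triage(SAMPLE_LOG):
        print(call)
```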