{...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for testuser with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2
On 28 Sep 2011, at 09:50, sekchel lee wrote:
mysql> select * from radcheck;
+----+----------+-----------+----+-------+
| id | username | attribute | op | value |
jon michaels wrote:
I am attempting to replicate a test setup into production and
somewhere along the way I must have forgotten something.
I have an NT-Password stored in a mysql database and currently get the
following response from freeradius upon authenticating:
Well... if the server
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - jo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
*[mschap] Invalid NT-Password
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect*
++[mschap] returns
can i post all the debug output?
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Password is enough to
produce a correct NT hash password?
*[mschap] Invalid NT-Password * *
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing
Hi,
[ldap] userPassword - Cleartext-Password == test
note the space at the end. your password is 'test ' not just 'test'
is this deliberate? check your LDAP!
alan
On 15.03.2010 at 11:35, omega bk wrote:
sorry for spamming, i just want to understand
OpenLDAP knows the clear text password:
[ldap] userPassword - Cleartext-Password == test
[ldap] userPassword - NT-Password == 0x7465737420 = supposed to
be the hash password
I doubt very much
-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk
Hi,
[ldap] userPassword - Cleartext-Password == test
note the space at the end. your password is 'test ' not just
Hi,
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
get rid of the NT-Password LDAP hook if you're not using it.
alan
Hi,
you mean by commenting mschap in authorize and authenticate section?
thanks
2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk
Hi,
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2
?
thanks
2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk
Hi,
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
get rid of the NT-Password LDAP hook if you're not using
another question?
how does freeradius deal with simultaneous multiple access?
thanks
Hi,
another question?
why not.
how does freeradius deal with simultaneous multiple access?
read the mailing list archives?
read the documents that come with the product?
doc/Simultaneous-Use
alan
for bernard with NT-Password
[mschap] FAILED: MS-CHAP2-Response is
incorrect **= what does it mean ?
++[mschap] returns reject*
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
thank u so much.
Phil Mayers wrote:
You have a typo in your config:
ntlm_auth = usr/bin/ntlm_auth --request-nt-key
You are missing a leading / from the binary, hence it's failing.
Typo corrected.
Now it authenticated users, but the Wireless LAN is still not working.
The Access Point is an HP Wireless
: Thursday, 03 December 2009 11:35
To: FreeRadius users mailing list
Subject: RE: MS-CHAP2 Response is incorrect.
Phil Mayers wrote:
You have a typo in your config:
ntlm_auth = usr/bin/ntlm_auth --request-nt-key
You are missing a leading / from the binary, hence it's failing.
Typo
Garcia Herguedas, Unai wrote:
Hi,
I'm having a problem deploying a FreeRadius server to authenticate
Wireless users with an Active Directory.
If I execute in a shell the ntlm_auth with the same parameters as the
log pointed I get an NT Key, so don't really know why it's not
working. I have
Phil Mayers wrote:
Garcia Herguedas, Unai wrote:
Hi,
I'm having a problem deploying a FreeRadius server to authenticate
Wireless users with an Active Directory.
If I execute in a shell the ntlm_auth with the same parameters as the
log pointed I get an NT Key, so don't really know why
Garcia Herguedas, Unai wrote:
Phil Mayers wrote:
Garcia Herguedas, Unai wrote:
Hi,
I'm having a problem deploying a FreeRadius server to authenticate
Wireless users with an Active Directory.
If I execute in a shell the ntlm_auth with the same parameters as the
log pointed I get an NT Key,
I'm having a problem deploying a FreeRadius server to authenticate
Wireless users with an Active Directory.
Have you followed the guide:
http://deployingradius.com/documents/configuration/active_directory.html
Has it worked for pap requests and exec ntlm_auth?
Ivan Kalik
Hi all
We have a strange problem with our RADIUS Server.
I'm not the RADIUS expert and take over this Server and configuration...
:-(
From time to time the users are not able to log in, sometimes it works and
sometimes it works only from 1 or 2 access points (we have 10
access points).
But actually, all user ID in my home radius server doesn't have @domain at
the end, so how can I proxy the request user ID with @domain to my home
radius and pass the authentication with no @domain user ID, and is it
possible?
Yes, if you are not using EAP. Since you are - you can't rewrite
group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for test33 with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect: [test33/via Auth-Type = mschap] (from client fd-1 port 0
cli )
Using Post-Auth-Type Reject
Freeradius (proxy server) x.x.x.238
rad_recv: Access-Request packet from host x.x.x.21 port 32846, id=14,
length=191
NAS-IP-Address = x.x.x.21
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = tes...@aaa.com
Calling-Station-Id =
Hi,
But username isn't. You can't strip the username.
yep. add 'nostrip' to the proxy section for that realm
on the proxy server
alan
: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 0
modcall: leaving
Ok, I solved the problem. The PEAP of freeRadius 1.0.1 on solaris cannot work correctly.
After I upgraded the server to 1.0.5, it is working.
Jie
On 12/14/05, Jie Yang [EMAIL PROTECTED] wrote:
Hi,
I removed @domain, but still the same error.
I also run an AEGIS v.2.0.5 (a very old version
Jie Yang wrote:
Hi, All,
When I tried to develop PEAP at client side, i found I am always rejected by
the server. The following is the log. what might be wrong?
You almost certainly need to strip the @domain off the username before
mschap sees it - the username is used in calculating the
Hi,
I removed @domain, but still the same error.
I also run an AEGIS v.2.0.5 (a very old version though) with same supplicant configuration, which also gave me the same error. It seems to me there might be something wrong at the server side. But I don't know where. my freeradius version is
Hi, All,
When I tried to develop PEAP at client side, I found I am always rejected by the server. The following is the log. What might be wrong?
my server config? thanks,
Jie
Tue Dec 13 19:17:04 2005 : Debug: users: Matched [EMAIL PROTECTED].com at 53
Tue Dec 13 19:17:04 2005 : Debug:
: entering group Auth-Type for request 75
rlm_mschap: Told to do MS-CHAPv2 for test with
NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap
returns reject for request 75
modcall: group Auth-Type returns reject for request 75
---snip
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of DeYoung, Brandon
Sent: Friday, 04 March 2005 01:32
To: freeradius-users@lists.freeradius.org
Subject: MS-CHAP2-Response is
incorrect
Hi All,
I am running FreeRADIUS Version 1.0.0 on Suse 9.2 Pro to provide 802.1x
authentication
have you tried a non
mschapv2 authentication? try a basic authentication with NTradping to make
sure
The password is read
correctly when you are not doing mschapv2.
I think you set the password
incorrectly in the users file.
Ron.
http://www.positive-logic.net
and results in the rlm_mschap:
FAILED: MS-CHAP2-Response is incorrect
message. However, a pairfind function call in rlm_mschap
does return a VALUE_PAIR of PW_Password type with my password, which is
configured in the users file as well as on the XP SP2 supplicant.
I am not sure if this VALUE_PAIR
Hi all,
I tried to use MSCHAP v2 in freeradius 1.0.0 but got
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
I guess this can happen only when response is not matched with
calculated.
But MSCHAP v2 worked with freeradius 0.9.3 version and the same NAS.
Take a look at the log below and let me
kevin J [EMAIL PROTECTED] wrote:
I tried to use MSCHAP v2 in freeradius 1.0.0 but got
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
I guess this can happen only when response is not matched with
calculated.
But MSCHAP v2 worked with freeradius 0.9.3 version and the same NAS.
If you're
Have we found the solution?
If so, can I get it?
Kevin.
Alan DeKok wrote:
kevin J [EMAIL PROTECTED] wrote:
I tried to use MSCHAP v2 in freeradius 1.0.0 but got
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
I guess this can happen only when "response" is n
Title: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Continuing my quest to integrate freeradius with Active Directory here goes another problem!
Has anyone already had this problem?
rlm_ldap: - authorize
rlm_ldap: performing user authorization for hugo.sousa
radius_xlat
: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns
.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate
Hugo Sousa [EMAIL PROTECTED] wrote:
Are you talking about this:
#ntlm_auth = /path/to/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
Yes.
There is no other way to perform
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, 10 September 2004 19:10
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Hugo Sousa [EMAIL PROTECTED] wrote:
Are you talking about this:
#ntlm_auth = /path
Hugo Sousa [EMAIL PROTECTED] wrote:
But if the domain controller uses LDAP, why do we have to use LDAP and after
that ntlm_auth ???
Because Active Directory isn't LDAP in the same way that other LDAP
servers are LDAP.
You can't get NT-Passwords from AD, you can get it from other LDAP
DeKok
Sent: Friday, 10 September 2004 19:21
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Hugo Sousa [EMAIL PROTECTED] wrote:
But if the domain controller uses LDAP, why do we have to use LDAP and
after that ntlm_auth ???
Because Active
Hugo Sousa [EMAIL PROTECTED] wrote:
Does that mean that I don't need to use the LDAP modules on FreeRadius and
use only the ntlm_auth? Is it enough?
That depends on what you're trying to do.
If you're not storing user information in LDAP, you don't need to
run LDAP.
Alan DeKok.
-
: Friday, 10 September 2004 19:51
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Hugo Sousa [EMAIL PROTECTED] wrote:
Does that mean that I don't need to use the LDAP modules on FreeRadius
and use only the ntlm_auth? Is it enough?
That depends
://www.netsystems.pt
Portugal
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, 10 September 2004 19:51
To: [EMAIL PROTECTED]
Subject: Re: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Hugo Sousa [EMAIL PROTECTED] wrote
Wilfried QUET [EMAIL PROTECTED] wrote:
and with a NT-Hash password? With the Nt-User-Password attribute in the
users file perhaps?
That should work.
Is it possible to proxy the mschapv2 challenge to a PAP challenge to
solve the problem (perhaps via the realms)?
No. It's impossible.
It doesn't work with NT-Password = 0xxx in
users file.
Alan DeKok wrote:
Wilfried QUET [EMAIL PROTECTED] wrote:
and with a NT-Hash password? With the Nt-User-Password attribute in the
users file perhaps?
That should work.
Is it possible to proxy the mschapv2
It's OK with the CVS snapshot of Friday 5 March 2004 with a clear
password in the users file.
I want to use only unix crypt password with peap-mschapv2.
Is it possible and how?
Thank you very much
Thank
Alan DeKok wrote:
Wilfried QUET [EMAIL PROTECTED] wrote:
In users file :
toto
Wilfried QUET [EMAIL PROTECTED] wrote:
I want to use only unix crypt password with peap-mschapv2.
Is it possible and how?
It's impossible.
Alan Dekok.
Wilfried QUET [EMAIL PROTECTED] wrote:
In users file :
toto Auth-Type := EAP, User-Password ==
0x7666F0D93535E6C2F6A3DDAD29A7EF55
Are you *sure* that's the user's password? It looks like something
else to me, like a hashed password.
Alan DeKok.