For the type of configuration you're trying to use (PEAP/EAP-MSCHAPv2 with Active Directory), you'll need to use the ntlm_auth hooks in the mschap module.
--Mike On Fri, 2004-09-10 at 11:12, Hugo Sousa wrote: > Continuing my quest to integrate freeradius with Active Directory… > here goes another problem! > > Did anyone already had this problem? > > > rlm_ldap: - authorize > rlm_ldap: performing user authorization for hugo.sousa > radius_xlat: '(sAMAccountName=hugo.sousa)' > radius_xlat: 'dc=office,dc=netsystems,dc=PT' > rlm_ldap: ldap_get_conn: Checking Id: 0 > rlm_ldap: ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in dc=office,dc=netsystems,dc=PT, with > filter (sAMAccountName=hugo.sousa) > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... > rlm_ldap: user hugo.sousa authorized to use remote access > rlm_ldap: ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 7 > modcall: group authorize returns updated for request 7 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 7 > rlm_eap: Request found, released from the list > rlm_eap: EAP/mschapv2 > rlm_eap: processing type mschapv2 > Processing the authenticate section of radiusd.conf > modcall: entering group Auth-Type for request 7 > rlm_mschap: No User-Password configured. Cannot create LM-Password. > rlm_mschap: No User-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for hugo.sousa with NT-Password > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform > authentication. > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect > modcall[authenticate]: module "mschap" returns reject for request 7 > modcall: group Auth-Type returns reject for request 7 > rlm_eap: Freeing handler > modcall[authenticate]: module "eap" returns reject for request 7 > modcall: group authenticate returns reject for request 7 > auth: Failed to validate the user. > PEAP: Tunneled authentication was rejected. > rlm_eap_peap: FAILURE > > > > Regards, > > Hugo Sousa > SysAdmin / NetworkAdmin > http://www.netsystems.pt > Portugal -- --Mike ----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
