So, I read all of the debugging output and I find that mschap failed
to find a nt/lm password and stop the real authentication at this
moment.
Can you know what is the problem? I think freeradius can't find active
directory but it works when I only use the ntlm_auth command so I
don't understand.
I put my mschap section and a part of the freeradius logs if it can help you.
mschap {
authtype = MS-CHAP
#use_mppe = no
#require_encryption = yes
#require_strong = yes
#with_ntdomain_hack = no
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--domain=mslab
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
}
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 236
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for clerk with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
