I cleared the check box, but the problem still exists. I think the problem isn't the client, because I have used the same scenario and the same configuration with the IAS Radius Server from Microsoft and all worked well, but I won't use the IAS for this project. It is important for me to get freeradius working.
> My first FreeRadius Post, and I don't think I can answer your problem,
> but I think I can clarify the problem.
>
> When you configure the MSCHAPv2 properties in the Windows client, you
> are selecting "Automatically Use my Windows Username and Password (And
> Domain if available)" You get the error you posted.
>
> When you do not select that check box, everything seems to work fine?
>
> Is this describing your problem?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Peter
> Zwilling
> Sent: Tuesday, April 26, 2005 4:30 PM
> To: freeradius-users@lists.freeradius.org
> Subject: FreeRADIUS and Active Directory
>
> Hello all,
>
> I'd like to run a Wireless LAN with a Windows XP SP2 Client, a
> FreeRADIUS 1.0.2 Server and a Windows 2003 Server with Active Directory.
> For the authentication PEAP and MS-CHAPv2 is used. This scenario works
> quite well when I am logged on as the local Administrator on the Client
> and I then use username, password and domainname for the logon to active
> directory via WLAN.
>
> But the problem is, when I want to logon with the same credentials at
> the Windows logon prompt, I get a message that the domain is
> unavailable.
>
> An abstract of the radius log details is shown below:
>
> ...
> modcall: entering group Auth-Type for request 22
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for host/ad.test.org with NT-Password
> radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
> mschap2: cf
> radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
> radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=host/ad.test.org --domain=test.org --challenge=cfb35490850a0c83 --nt-response=e4ad6e42383d30ab84725f3815b3961df9c4d5fb5aa76f80'
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=host/ad.test.org --domain=test.org --challenge=cfb35490850a0c83 --nt-response=e4ad6e42383d30ab84725f3815b3961df9c4d5fb5aa76f80
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 22
> modcall: group Auth-Type returns reject for request 22
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns reject for request 22
> modcall: group authenticate returns reject for request 22
> auth: Failed to validate the user.
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
> ...
>
> So, what I can see is that Windows uses the hostname, in this case
> "ad.test.org", for authentication. But I think this should be correct,
> because windows should attempt to use the machine account, if the user
> credentials are unavailable.
>
> So, why doesn't the authentication with machine accounts work? Does
> anybody have the same problems getting freeradius working with active
> directory?
>
> Sorry about my english, but I hope anybody can understand my problem.
>
> I would be very grateful if anybody can help me to solve this problem,
> because I have spent so much time on this project and I can not give it
> up.
>
> Best regards
>
> Peter
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
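
An added example, not part of the original thread or of the FreeRADIUS project: a small Python triage over the debug output quoted above that pulls out each `ntlm_auth` call, flags `host/` (machine account) identities and names the NTSTATUS code. The function and field names are hypothetical; the sample lines are the post's own, with the wrapped command joined onto one line.

```python
import re

# Debug lines from the post above; the wrapped ntlm_auth command is joined onto one line.
SAMPLE_LOG = """\
modcall: entering group Auth-Type for request 22
rlm_mschap: Told to do MS-CHAPv2 for host/ad.test.org with NT-Password
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=host/ad.test.org --domain=test.org --challenge=cfb35490850a0c83 --nt-response=e4ad6e42383d30ab84725f3815b3961df9c4d5fb5aa76f80
Exec-Program output: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
"""

# Only the status seen in the post; anything else is reported as "unknown".
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE"}

REQ_RE = re.compile(r"for request (\d+)")
EXEC_RE = re.compile(r"^Exec-Program: \S*ntlm_auth\s+(.*)$")
OPT_RE = re.compile(r"--([\w-]+)=(\S+)")
OUT_RE = re.compile(r"^Exec-Program output: .*?\((0x[0-9a-fA-F]{8})\)")
RET_RE = re.compile(r"^Exec-Program: returned: (-?\d+)")

def triage(log_text):
    """Return one record per ntlm_auth call found in FreeRADIUS debug output."""
    records, current, request = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := REQ_RE.search(line):
            request = int(m.group(1))  # most recent request id seen so far
        if m := EXEC_RE.match(line):
            opts = dict(OPT_RE.findall(m.group(1)))
            user = opts.get("username", "")
            current = {
                "request": request, "username": user,
                "domain": opts.get("domain"),
                # host/<name> is the identity form the post shows for the machine account
                "machine_account": user.lower().startswith("host/"),
                # challenge and nt-response are credential material: not copied
                "status": None, "status_name": None, "exit_code": None,
            }
            records.append(current)
        elif current and (m := OUT_RE.match(line)):
            current["status"] = m.group(1).lower()
            current["status_name"] = NTSTATUS.get(int(m.group(1), 16), "unknown")
        elif current and (m := RET_RE.match(line)):
            current["exit_code"] = int(m.group(1))
            current = None  # this ntlm_auth call is finished
    return records

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```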