Antonio Matera wrote:
Your eap.conf is irrelevant because...
authorize {
preprocess
mschap
suffix
#eap
files
}
...you've disabled eap by commenting it out.
Why do people insist on breaking the server? Start with the default
config and make small changes to work towards what you need. Making
massive changes without understanding the consequences just breaks it.
In the second part off my last mail I have insert the log with eap
config. The changes in my server are for the EAP-TLS authentication. I
need two different authentication for my purpose.
I don't understand you here.
I don't know if I have to insert in the authorize and authenticate
module eap. Whitout it I have this log:
Of course you do. How else would EAP work?
I re-write my log with eap conf.
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=create-net
--username=antonio --challenge=bede046aa1e50281
--nt-response=d483da3fd5896df961259f08a02a57a8e6d1e5de14c5ac81'
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=create-net
--username=antonio --challenge=bede046aa1e50281
--nt-response=d483da3fd5896df961259f08a02a57a8e6d1e5de14c5ac81
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
It's hard to be sure since it looks like you've pasted together 3 or 4
runs of the server into one debug log, but the above message is very
clear. Logon failure.
The radius server is working fine. For some reason ntlm_auth is failing
your password. This could be because you've typed it wrong, or a samba
or AD/NT misconfiguration.
Try removing the "--domain" argument from the ntlm_auth helper. If
"create-net" is your default domain it should not be needed and I've
seen issues with it before.
Does "ntlm_auth --username=antonio --password=yourpass" work?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
