Hello. No, I haven't edited the debug output. Why would I do this if I have a 
problem that I want to get solved? The debug output is exactly what I get from 
FreeRadius. 

There have been more people on this list with the same problem, the latest 
being 
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg31032.html.
Even though he found a solution for his own problem, I followed his howto but 
unfortunately it didn't work for me.

About the client, when I turn the computer on, I have to type in the user 
credentials, the same ones that I use when testing FreeRadius. Windows sends 
FreeRadius the same user information in the two cases, but the outcome is 
completely different and this of course makes no sense.

There is no trick, this is a real problem I have.

Thanks for any further assistance

Héctor

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers
Sent: Friday, 8 December 2006 19:32
To: FreeRadius users mailing list
Subject: Re: PEAP+MSCHAP+AD (please help)

[EMAIL PROTECTED] wrote:
> Hi there, this is an old issue, but AFAIAC hasn't been solved yet, that's why 
> I'm asking for help with this problem which is driving me crazy.
> 
> 
> In the first attempt the user has checked the option "Automatically use my 
> Windows logon name and password (and domain if any)", user account is valid 
> in the domain and is not locked out, however user authentication fails.
> 
> In the next attempt the user has unchecked this option, so every time he 
> connects to the network he has to type his credentials in. After clicking 
> "Connect" he gets access. 
> 
> Why, if Windows sends the same user information, is the user only able to 
> get in in the latter case?
> 
> Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key 
> --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d 
> --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> Exec-Program: returned: 1
>   rlm_mschap: External script failed.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>   modcall[authenticate]: module "mschap" returns reject for request 7

It failed because the client returned the wrong challenge.

> Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key 
> --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 
> --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d
> Exec-Program output: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
> Exec-Program-Wait: plaintext: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
> Exec-Program: returned: 0
>   modcall[authenticate]: module "mschap" returns ok for request 16
> modcall: leaving group MS-CHAP (returns ok) for request 16 MSCHAP 
> Success

Whereas that worked.

It looks to me as if you've edited the debug output so I can't be sure, but I'd 
suggest looking at the client - the radius server is configured correctly. 
Perhaps the client is not in fact logging on to the laptop with the correct 
username and password.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
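
An added example, not part of any message in this thread and not FreeRADIUS code: a small parser that pairs each `ntlm_auth` invocation in `radiusd -X` debug output with its exit status and flags users who were both rejected and accepted, which is the pattern reported above. The sample input is the two runs quoted in the thread with the mail wrapping kept; the function names and the one-entry NTSTATUS table are assumptions of this example.

```python
import re

NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE"}  # Windows NTSTATUS name

# Sample input: the two ntlm_auth runs quoted in the thread, mail wrapping kept.
SAMPLE = """\
> Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key 
> --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d 
> --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program: returned: 1
> Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key 
> --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 
> --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d
> Exec-Program output: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
> Exec-Program: returned: 0
"""

def parse_attempts(text):
    """Return one dict per ntlm_auth invocation found in debug output."""
    attempts, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # drop mail quoting and indentation
        if line.startswith("Exec-Program: returned:"):
            if cur is not None:
                cur["exit"] = int(line.rsplit(":", 1)[1])
                attempts.append(cur)
                cur = None
        elif line.startswith("Exec-Program:") and "ntlm_auth" in line:
            cur = {"args": {}, "exit": None, "status": None, "got_key": False}
        elif cur is not None and line.startswith("Exec-Program output:"):
            m = re.search(r"\(0x([0-9a-fA-F]{8})\)", line)
            if m:
                code = int(m.group(1), 16)
                cur["status"] = NTSTATUS.get(code, hex(code))
            cur["got_key"] = "NT_KEY:" in line  # record presence, not the key
        if cur is not None:  # collect --name=value options, also on wrapped lines
            cur["args"].update(re.findall(r"--([\w-]+)=(\S+)", line))
    return attempts

def mixed_outcome_users(attempts):
    """Users with both a rejected and an accepted attempt, as in the thread."""
    seen = {}
    for a in attempts:
        seen.setdefault(a["args"].get("username"), set()).add(a["exit"] == 0)
    return sorted(u for u, results in seen.items() if results == {True, False})
```

Run over a full debug capture, `mixed_outcome_users(parse_attempts(log_text))` lists the accounts worth comparing attempt by attempt on the client side.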
