[EMAIL PROTECTED] wrote:
Hello. No, I haven't edited the debug output. Why would I do this if
I have a problem that want to get solved??. The debug output is
exactly what I get from FreeRadius.
People do some surprising things on this mailing list...
I saw that you had a domain called DOMAIN, which is not very common, and
assumed "the worst" i.e. that you had edited the output.
There have been more people in this list with the same problem, being
the latest
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg31032.html.
Even though he found a solution for his own problem, I followed his
howto but unfortunately didn't worked for me.
About the client, when I turn the computer on, I have to type in the
user credentials, the same ones that I use when testing FreeRadius.
Windows sends FreeRadius the same user information in the two cases,
but the outcome is completely different and this of course makes no
sense.
There is no trick, this is a real problem I have.
I didn't imagine you were trying to trick us.
As far as I can tell, your FreeRadius configuration looks correct. It's
able to answer at least some MS-CHAP requests, and as you say there's no
real difference as far as the server is concerned between and automatic
or manual client login.
This makes me suspect that there *is* a difference between such on the
client side.
Couple of other things you could try:
netsh ras set tracing * enable
...on the windows client side, then inspect the logs (If memory serves
they go do %WINDIR%/system32/tracing)
Also - the client is in DOMAIN, the server is also in DOMAIN yes? As in,
you're not trying to authenticate a trusted domain user?
Finally, I see you've got the ntlm_auth helper set to:
/opt/samba/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain:-DOMAIN} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
You could try removing the --domain argument completely -
though you should not need to.
You could obviously also bump the Samba debugging level for a failing
login and inspect the samba logs.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
