hi alan, enabling log_goodpass and log_badpass I took this lines: rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [REFAP\\dadfh9/<no User-Password attribute>] (from client localhost port 0)
this means that ntlm_auth isn't receiving password parameter?? On 8/17/07, Alexsander <[EMAIL PROTECTED]> wrote: > hi alan, > when I captured log I was using "radiusd -X -A -y -z > output.log" > > another thing: > I capture some pieces of output log: > radius_xlat: Running registered xlat function of module mschap for > string 'NT-Domain' > radius_xlat: '--domain=REFAP' > radius_xlat: Running registered xlat function of module mschap for > string 'User-Name' > radius_xlat: '--username=dadfh9' > radius_xlat: Running registered xlat function of module mschap for > string 'Challenge' > mschap2: c6 > radius_xlat: '--challenge=8fd10da49268b4b6' > radius_xlat: Running registered xlat function of module mschap for > string 'NT-Response' > radius_xlat: '--nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1' > > and did another test: > > > s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP > --username=dadfh9 --challenge=8fd10da49268b4b6 > --nt-response=aed525bc59e35522e8cf9fff11c533d9c5c866d6eb0f47c1 > Logon failure (0xc000006d) <-----logon error again > s8860ru01:/tmp# > s8860ru01:/tmp# /usr/bin/ntlm_auth --request-nt-key --domain=REFAP > --username=dadfh9 > password: > [2007/08/17 14:47:06, 10] intl/lang_tdb.c:lang_tdb_init(138) > lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory > NT_STATUS_OK: Success (0x0) > s8860ru01:/tmp# > > > it's like wrong response or challenge ou some kind of hash. > ps.: on output.log I saw this lines: > mschap: with_ntdomain_hack = yes > mschapv2: with_ntdomain_hack = no <----- this must be yes or not? > preprocess: with_ntdomain_hack = no > > > > On 8/17/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > hi, > > > > last time i checked i'm sure its printed in full debug mode : > > > > radiusd -X > > > > > > alan > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > -- > Alexsander A. Rodrigues > > Se você tivesse que identificar, em uma palavra, a razão pela qual a > raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, > essa palavra seria "REUNIÕES". > L.F.V. > > http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267 > -- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html