Hello! We have a problem with a FreeRADIUS and Active Directory (Samba4) installation. After following:
http://deployingradius.com/documents/configuration/active_directory.html ntlm_auth is working correctly when I try to authenticate a WinXP SP3 client, however, the authentication fails here: Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for tester with NT-Password [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [mschap] expand: %{User-Name:-None} -> tester [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=tester [mschap] mschap2: d6 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=d403bba2070cf6e8 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=af94dd4de371c9841bf877d46e305a02ded73887b31ee1b4 Exec-Program output: NT_KEY: 46400C4F130794910739F005A8C45821 Exec-Program-Wait: plaintext: NT_KEY: 46400C4F130794910739F005A8C45821 Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server [peap] Got tunneled reply code 11 EAP-Message = 0x010800331a0307002e533d41343234334238464641363637383739374636463346334543354539344431433641363737383335 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5543652a544b7f1d5179a5e433696c2c [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800331a0307002e533d41343234334238464641363637383739374636463346334543354539344431433641363737383335 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5543652a544b7f1d5179a5e433696c2c [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 19 to 10.2.1.3 port 1645 EAP-Message = 0x0108004a1900170301003f02a1a58fbb50b524475113279c8c6e0233d96507294ed892871d2fe941c1832e90edbc635a5a6306e9aa9b4a21d153b3c6c2b1f34d0d760252495f5c05fabd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1b05ec0d1d0df5adcd779ed1359b432b Finished request 6. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 13 with timestamp +18 Cleaning up request 1 ID 14 with timestamp +18 Cleaning up request 2 ID 15 with timestamp +18 Cleaning up request 3 ID 16 with timestamp +18 Cleaning up request 4 ID 17 with timestamp +18 Cleaning up request 5 ID 18 with timestamp +18 Cleaning up request 6 ID 19 with timestamp +18 Ready to process requests. I seems that FreeRADIUS is sending an Access-Challenge but does not get a reply. What can be the source of the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
