Hi, I am attempting to replicate a test setup into production and somewhere along the way I must have forgotten something.
I have an NT-Password stored in a mysql database and currently get the following response from freeradius upon authenticating:

rad_recv: Access-Request packet from host 127.0.0.1 port 58065, id=224, length=130
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "jo"
    MS-CHAP-Challenge = 0x6bc832b0733a709ab358ab111e88da69
    MS-CHAP2-Response = 0x0d00f974435c9a9eb2abaa5f8350b8c4b30600000000000000000a9a21d7cb82b31bfbd804045063702431fa9ff46e928dd9
    NAS-IP-Address = xx.xx.xx.xx
    NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "jo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> jo
[sql] sql_set_user escaped user --> 'jo'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jo' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'jo' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jo' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'jo' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'jo' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'jo' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for jo with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> jo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 224 to 127.0.0.1 port 58065
Waking up in 4.9 seconds.
Cleaning up request 6 ID 224 with timestamp +888
Ready to process requests.

I think I missed one option when documenting the test setup. Unfortunately the test setup was accidentally deleted. Would anyone know what I missed?

Thanks,
Jon.