On Tue, Apr 24, 2012 at 09:24:42AM +0000, Morris, Andi wrote: > My freeradius server seems to be falling back to local > authentication rather than piping it out to our ADS server. If > I create a local user on the radius box authentication is > successful. Can anyone please help with this? All relevant > info I can think of is below.
Initial guess - you've set MS-CHAP-Use-NTLM-Auth = Yes somewhere (check for broken entries in your users file, etc), so mschap isn't even trying to call ntlm_auth. > [mschapv2] # Executing group from file > /etc/raddb/sites-enabled/packetfence-tunnel > [mschapv2] +- entering group MS-CHAP {...} > [mschap] No Cleartext-Password configured. Cannot create LM-Password. > [mschap] No Cleartext-Password configured. Cannot create NT-Password. > [mschap] Creating challenge hash with username: sm18818 > [mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > [mschap] FAILED: MS-CHAP2-Response is incorrect Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html