Hi,

>    Could not authenticate user Username%Password with plaintext password
>    challenge/response password authentication succeeded

That's okay. Means you couldn't do PAP and only MSCHAPv2 worked. Expected for
that command.

>    In this Step, I must edit the following line with this text in the file:
>    /etc/freeradius/modules/mschap
> 
>    ntlm_auth = "/path/to/ntlm_auth --request-nt-key
>    --username=%{mschap:User-Name:-None}
>    --domain=%{%{mschap:NT-Domain}:-MYDOMAIN}
>    --challenge=%{mschap:Challenge:-00}
>    --nt-response=%{mschap:NT-Response:-00}"
> 
>    But my default commented ntlm_auth looks like this:
> 
>    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>    --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
>    --challenge=%{%{mschap:Challenge}:-00}
>    --nt-response=%{%{mschap:NT-Response}:-00}"

The docs and default values have separated over time.

>    In my default ntlm_auth, the option
>    "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should I add it?

Depends on what you want to do and need to do. Do you TRUST your clients to be
sending the correct domain? I don't... so I've set the domain manually.

>    $ radtest -t mschap bob hello localhost 0 testing123

>    First Line:
>    bob Cleartext-Password := "hello"

What's the users file got to do with anything? If you have clashing usernames
you will have a few problems.
I expect you are trying to test your AD? The radtest failed due to incorrect
password, i.e. the AD is not bob/hello

I'd recommend using 'eapol_test' for better/advanced testing - it's part of the
wpa_supplicant package.

>    @Mathieu
>    Is there a current RADIUS-book that you can recommend?

"FreeRADIUS for beginners" is a good current book

alan
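
The eapol_test run recommended in the message above, as an added example that is not part of the original post: it writes a PEAP/MSCHAPv2 profile and sends it to the RADIUS server. The user bob/hello and the secret testing123 are the sample values from the quoted radtest line; the ssid value, the RUN_EAPOL_TEST switch and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): PEAP/MSCHAPv2 test with eapol_test.

# Write a wpa_supplicant-style profile for eapol_test.
# $1 = output file, $2 = identity, $3 = password
write_eapol_conf() {
    (
        umask 077   # the profile holds a cleartext password
        cat > "$1" <<EOF
network={
    ssid="eapol-test"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="$2"
    anonymous_identity="anonymous"
    password="$3"
    phase2="auth=MSCHAPV2"
}
EOF
    )
}

# Run the profile against a RADIUS server.
# $1 = profile, $2 = server IP, $3 = shared secret
run_eapol_test() {
    eapol_test -c "$1" -a "$2" -p 1812 -s "$3"
}

# RUN_EAPOL_TEST is a hypothetical switch for this example, so that the
# script only contacts a server when asked to.
if [ "${RUN_EAPOL_TEST:-0}" = 1 ]; then
    conf=$(mktemp)
    trap 'rm -f "$conf"' EXIT
    # Constructed sample values; use a real AD account to exercise ntlm_auth.
    write_eapol_conf "$conf" "bob" "hello"
    # eapol_test ends its output with SUCCESS or FAILURE.
    run_eapol_test "$conf" 127.0.0.1 testing123 | tail -n 1
fi
```

Run it with RUN_EAPOL_TEST=1 on the RADIUS host while the server runs in debug mode (radiusd -X, or freeradius -X on Debian-style installs) to see which ntlm_auth command line the mschap module actually executes.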