Re: NT_STATUS_WRONG_PASSWORD: Wrong Password!!!
El 30/11/2011 16:57, Alan Buxey escribió:
Hi,
Hello friends, I tell them:
When I try to authenticate using mschap I encounter this
error''NT_STATUS_WRONG_PASSWORD: Wrong Password'', yet when I do the
test using authentic pap without problems. I'm trying to authenticate my
freeradius server with active directory server.
Greetings and waiting for your help. William
what happens when you run the ntlm_auth command direct on command line?
what version of SAMBA are you running?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE
ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
http://www.antiterroristas.cu
http://justiciaparaloscinco.wordpress.com
Hi Alan, when I run the ntlm_auth command gives me an effective response.
*ntlm_auth --request-nt-key --domain=MyDomain
--username=USER--password=PASS*
_/NT_STATUS_OK: Success (0x0)/_
_*freeradius -X (DEBUG MODE)*_
rad_recv: Access-Request packet from host 127.0.0.1 port 55866, id=115,
length=60
User-Name = "gwilliam"
User-Password = "1qazxsw23edc@"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-2030
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-2030
[auth_log] expand: %t -> Wed Nov 30 17:05:41 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> TRUE
? Evaluating (User-Password) -> TRUE
++? if (!control:Auth-Type && User-Password) -> TRUE
++- entering if (!control:Auth-Type && User-Password) {...}
+++[control] returns noop
++- if (!control:Auth-Type && User-Password) returns noop
[ntlm_auth] expand: --username=%{mschap:User-Name} ->
--username=gwilliam
[ntlm_auth] expand: --password=%{User-Password} ->
--password=1qazxsw23edc@
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
[suffix] No '@' in User-Name = "gwilliam", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ntlm_auth
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group ntlm_auth {...}
*[ntlm_auth] expand: --username=%{mschap:User-Name} ->
--username=gwilliam
[ntlm_auth] expand: --password=%{User-Password} ->
--password=1qazxsw23edc@
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)*
Exec-Program: returned: 0
++[ntlm_auth] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 115 to 127.0.0.1 port 55866
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 115 with timestamp +34
Ready to process requests.
_*when I do the test using mschap radtest-t is when the key is erroneous*_
/radtest -t mschap gwilliam 1qazxsw23edc@ localhost 0 testing123/
rad_recv: Access-Request packet from host 127.0.0.1 port 37155, id=130,
length=116
User-Name = "gwilliam"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
MS-CHAP-Challenge = 0xd85c0848bec6df72
MS-CHAP-Response =
0x0001d6f2f97947a122925fa9019e04b04834cc4857db4a4d359f
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-2030
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-2030
[auth_log] expand: %t -> Wed Nov 30 17:07:09 2011
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> FALSE
? Skipping (Use
Re: NT_STATUS_WRONG_PASSWORD: Wrong Password!!!
Hi, > Hello friends, I tell them: > When I try to authenticate using mschap I encounter this > error''NT_STATUS_WRONG_PASSWORD: Wrong Password'', yet when I do the > test using authentic pap without problems. I'm trying to authenticate my > freeradius server with active directory server. > Greetings and waiting for your help. William what happens when you run the ntlm_auth command direct on command line? what version of SAMBA are you running? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NT_STATUS_WRONG_PASSWORD: Wrong Password!!!
Hello friends, I tell them: When I try to authenticate using mschap I encounter this error''NT_STATUS_WRONG_PASSWORD: Wrong Password'', yet when I do the test using authentic pap without problems. I'm trying to authenticate my freeradius server with active directory server. Greetings and waiting for your help. William Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU! http://www.antiterroristas.cu http://justiciaparaloscinco.wordpress.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius on FreeBSD - system passwords
On Thu, Dec 1, 2011 at 3:58 AM, Jim Pazarena wrote: > Ahh. the FreeBSD docs indicate that the default for password encryption > is MD5. > > Now I need to learn how to "use" MD5 within freeradius. > Suggestions would be most appreciated. FR should support MD5 just fine. Take a look at raddb/modules/passwd and see if you can adjust it. You need to run radiusd as root, of course. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Failed to send packet; No response from Server
Alan, I updated the ports tree in FreeBSD which upgraded FreeRadius to 2.1.12 from 2.1.10. After installation I am successful on doing basic PAP Authentication. It solved this issue. Thank You so much! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Error-Failed-to-send-packet-No-response-from-Server-tp5030058p5036729.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius on FreeBSD - system passwords
Alan DeKok wrote, On 2011-11-30 9:47 AM: Jim Pazarena wrote: This is most baffling. When I ran cistron, it just "worked"; but I switched No. FreeRADIUS is 64-bit clean. My guess is that the passwords on 64-bit FreeBSD are *not* encrypted with the "crypt" function. There is some other API necessary to do password checks. I don't run FreeBSD, so I don't know what that is. Ahh. the FreeBSD docs indicate that the default for password encryption is MD5. Now I need to learn how to "use" MD5 within freeradius. Suggestions would be most appreciated. -- Jim Pazarenawork:250 559- Box 550 - 405 2nd Avenuefax: 866 279-3608 Queen Charlotte BC V0T 1S0mailto:j...@paz.bz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: failure log from radius debug
Hi, > No. FreeRADIUS is 64-bit clean. > > My guess is that the passwords on 64-bit FreeBSD are *not* encrypted > with the "crypt" function. There is some other API necessary to do > password checks. BSD is a little different ;-) http://www.bsdcertification.org/downloads/user_management.pdf /etc/master.passwd - only root can read/view this...which may be an issue if the daemon runs with another userid ...its about time I spun up a BSD box...my personal favourite was DragonflyBSD to see how things fly ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: failure log from radius debug
Jim Pazarena wrote: > This is most baffling. When I ran cistron, it just "worked"; but I switched > to 64-bit FreeBSD, and cistron doesn't like a 64-bit OS. Cistron is old... > I tried the login with 3 user IDs including my own, and all fail. > Any suggestions would be most appreciated. Is it possible that > freeradius2 needs > compiling with special flags for a 64-bit OS? No. FreeRADIUS is 64-bit clean. My guess is that the passwords on 64-bit FreeBSD are *not* encrypted with the "crypt" function. There is some other API necessary to do password checks. I don't run FreeBSD, so I don't know what that is. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: run radius in debug mode with screen
Коньков Евгений wrote: > > while using this verion > FreeRADIUS Version 2.1.3, for host i386-portbld-freebsd7.1, built on Jan 6 > 2009 at 10:52:08 > I can run radius as > /usr/local/bin/screen -d -m /usr/bin/nice -n -20 /r/radiusd debug What is "/r/radiusd debug" ? > but with > FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd9.0, built on Nov 28 > 2011 at 00:20:11 > > it exit without any messages. > > Can you help me please to resolve this problem? Use the documented command-line options. Alan DeKk. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
run radius in debug mode with screen
while using this verion FreeRADIUS Version 2.1.3, for host i386-portbld-freebsd7.1, built on Jan 6 2009 at 10:52:08 I can run radius as /usr/local/bin/screen -d -m /usr/bin/nice -n -20 /r/radiusd debug but with FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd9.0, built on Nov 28 2011 at 00:20:11 it exit without any messages. Can you help me please to resolve this problem? -- С уважением, Коньков mailto:kes-...@yandex.ru - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Connection Lost, tls resumption error
Am 30.11.2011 15:53, schrieb Alan DeKok: > Andreas Rudat wrote: >> in my enviroment I got three AP's runnning, all with the same essid, >> after a while the connection seems lost > WHAT connection? > > If it's the connection between the AP and the PC, this isn't a RADIUS > issue. I only saw that came in a new challange from the other AP. >> and a reconnection starts to >> another AP and then I get the resumption error but I have no idea why I >> lost the connection. No Errors in radius debug and a good reception is >> given. > The AP is responsible for sending RADIUS packets saying a connection > is down. If it doesn't send those packets, buy an AP which does send them. > >> The resumption error can be only avoid with restarting the wirless device. > Sounds like an AP problem to me. > > Alan DeKok. perhaps. I tried it now with three devices and three users and it works fine for an hour, no connection problem again, it could be that I used one user name twice before. So i hope it is solved with that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Connection Lost, tls resumption error
Andreas Rudat wrote: > in my enviroment I got three AP's runnning, all with the same essid, > after a while the connection seems lost WHAT connection? If it's the connection between the AP and the PC, this isn't a RADIUS issue. > and a reconnection starts to > another AP and then I get the resumption error but I have no idea why I > lost the connection. No Errors in radius debug and a good reception is > given. The AP is responsible for sending RADIUS packets saying a connection is down. If it doesn't send those packets, buy an AP which does send them. > The resumption error can be only avoid with restarting the wirless device. Sounds like an AP problem to me. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Connection Lost, tls resumption error
To save other the trouble I will ask the obvious: 1) what does the RADIUS debug log say, please post it here IN FULL, do not clip out the portion you think you need. 2) have you checked the config on the client and the AP? 3) What part of this problem do you think is a RADIUS issue, and why? Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 -Original Message- From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Andreas Rudat Sent: Wednesday, November 30, 2011 8:25 AM To: FreeRadius users mailing list Subject: Connection Lost, tls resumption error Hi, in my enviroment I got three AP's runnning, all with the same essid, after a while the connection seems lost and a reconnection starts to another AP and then I get the resumption error but I have no idea why I lost the connection. No Errors in radius debug and a good reception is given. The resumption error can be only avoid with restarting the wirless device. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Connection Lost, tls resumption error
Hi, in my enviroment I got three AP's runnning, all with the same essid, after a while the connection seems lost and a reconnection starts to another AP and then I get the resumption error but I have no idea why I lost the connection. No Errors in radius debug and a good reception is given. The resumption error can be only avoid with restarting the wirless device. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
