Re: MS-CHAP2-Response is incorrect + invalid NT-Password
hello, i'm still stuck and don't know how to make it work i added in ldap.attrmap: checkItem Cleartext-Password userPassword checkItem NT-passworduserPassword but i stil have: [ldap] expand: %{User-Name} - bernard [ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) - (cn=bernard) [ldap] expand: dc=example,dc=com - dc=example,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=example,dc=com, with filter (cn=bernard) [ldap] Added User-Password = test in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword - NT-Password == 0x7465737420 [ldap] userPassword - Cleartext-Password == test [ldap] looking for reply items in directory... [ldap] user bernard authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} *[mschap] Invalid NT-Password [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect* ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject I don't understand why i still got an invalid NT-Password. thanks for your help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
can i post all the debug output? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
sorry for spamming, i just want to understand *OpenLDAP knows the clear text password:* [ldap] userPassword - Cleartext-Password == test [ldap] userPassword - NT-Password == 0x7465737420 *= supposed to be the hash password* [ldap] looking for reply items in directory... [ldap] user bernard authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} *Is the inner tunnel part of the MSCHAPv2 is failing because it doesn't kwow the way of dealing with the password supplied ?* *Adding into ldap.attrmap the userPassword - NT-Password is enough to produce a correct NT hash password? *[mschap] Invalid NT-Password * * [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = \nE=691 R=1 EAP-Message = 0x040a0004 Message-Authenticator = 0x [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = \nE=691 R=1 EAP-Message = 0x040a0004 Message-Authenticator = 0x [peap] Tunneled authentication was rejected. [peap] FAILURE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
Hi, [ldap] userPassword - Cleartext-Password == test note the space at the end. your password is 'test ' not just 'test' is this deliberate? check your LDAP! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
Am 15.03.2010 um 11:35 schrieb omega bk: sorry for spamming, i just want to understand OpenLDAP knows the clear text password: [ldap] userPassword - Cleartext-Password == test [ldap] userPassword - NT-Password == 0x7465737420 = supposed to be the hash password I doub very much that this is a hash: 0x74: t 0x65: e 0x73: s 0x74: t 0x20: space (all in ASCII) Have you tried *not* to define a NT-Password and let Freeradius calculate from the Cleartext-Password what it needs? [...] Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
thank u for your quick reply i fixed bernard's password in ldap so: [ldap] userPassword - Cleartext-Password == test [ldap] userPassword - NT-Password == 0x74657374 i added the password_radius_attribute = NT-Password but still the same: [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect 2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk Hi, [ldap] userPassword - Cleartext-Password == test note the space at the end. your password is 'test ' not just 'test' is this deliberate? check your LDAP! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
Hi, [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect get rid of the NT-Password LDAP hook if you're not using it. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
Hi, you mean by commenting mschap in autorize and authenticate section? thanks 2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk Hi, [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect get rid of the NT-Password LDAP hook if you're not using it. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
forgot what i said. i commented the line: #checkItem NT-password userPassword in ldap.attrmap and it works!! THANK U ALAN you saved me 2010/3/15 omega bk omeg...@gmail.com Hi, you mean by commenting mschap in autorize and authenticate section? thanks 2010/3/15 Alan Buxey a.l.m.bu...@lboro.ac.uk Hi, [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect get rid of the NT-Password LDAP hook if you're not using it. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
another question? how freeradius deal with simultaneous mutiple access? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP2-Response is incorrect + invalid NT-Password
Hi, another question? why not. how freeradius deal with simultaneous mutiple access? read the mailing list archives? read the documents that come with the product? doc/Simultaneous-Use alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html