NT domain names and SQL authentication

2005-04-11 Thread Diego M. Vadell
Hi,
  I've been fighting my ignorance for a week now. I'm trying to set up
FreeRadius with a Windows XP SP2 supplicant with mschap2 thru an
"Orinocco" access point.
I would like to use the username and password of the NT domain, but the
only way I can get logged in is making XP ask me for the credentials.
So to make it work, I add a line in users:
--8<---8<--
pirulo  User-Password == "chicos"
--8<---8<--

I also edited radiusd.conf and uncommented the sql lines. User "pirulo"
does not exist in SQL. With this setup, I can get
authenticated/authorized.

But if I add a line like my NT username in users, I can't log in. The line
looks like this:
--8<---8<--
DOMAIN\\username   User-Password == "my_nt_domain_password"
--8<---8<--

I write down, exactly as I did with user pirulo, DOMAIN\\username and then
the password, and it doesn't work!

Also I tried asking Windows to send my login credentials automatically,
but it didn't work.
Running radiusd in debug mode (-X) I get:

Processing the authorize section of radiusd.conf
(all the modules return either noop or ok)
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 19
modcall: group authenticate returns handled for request 19
(everything looks fine)
Processing the authorize section of radiusd.conf (again - everything ok)

And so it goes, processing authorize and authenticate sections, until it
gives this error:

Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 25
  rlm_mschap: NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
  rlm_mschap: Told to do MS-CHAPv2 for DOMAIN\username with NT-Password
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 25
modcall: group Auth-Type returns reject for request 25
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 25
modcall: group authenticate returns reject for request 25
auth: Failed to validate the user.
Login incorrect: [DOMAIN\\username] (from client localhost port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE

And thus ends.
So, my question is: should I set an NT-Password attribute in the users file?

Thanks,
 -- Diego.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
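
The rlm_mschap line in the debug output above asks whether with_ntdomain_hack should have been enabled. The following is an added example, not part of the original thread and not FreeRADIUS code: it implements the RFC 2759 ChallengeHash() step to show why the name form matters, since the user name is hashed into the MS-CHAPv2 challenge. It assumes the supplicant hashed the bare user name while the request carried DOMAIN\User; the challenge values are the RFC 2759 section 9.2 test vectors, and `strip_nt_domain` and `server_challenge_matches` are hypothetical names.

```python
import hashlib

# RFC 2759 section 9.2 test vectors (public sample values, not from this thread).
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of SHA1(peer || auth || name)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    digest = hashlib.sha1(peer_challenge + auth_challenge + user_name.encode("ascii"))
    return digest.digest()[:8]


def strip_nt_domain(user_name: str) -> str:
    """Hypothetical helper: drop a leading 'DOMAIN\\' prefix if present."""
    return user_name.rsplit("\\", 1)[-1]


def server_challenge_matches(wire_name: str, client_hashed_name: str,
                             strip_domain: bool) -> bool:
    """Compare the challenge the server derives with the one the client used.

    wire_name is the User-Name as received; client_hashed_name is the name
    the supplicant is assumed to have fed into ChallengeHash().
    """
    server_name = strip_nt_domain(wire_name) if strip_domain else wire_name
    server = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, server_name)
    client = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, client_hashed_name)
    return server == client


if __name__ == "__main__":
    wire = "DOMAIN\\User"  # constructed User-Name, as it would appear in a request
    for strip in (False, True):
        ok = server_challenge_matches(wire, "User", strip)
        print(f"strip_domain={strip}: challenge match={ok}")
```

The NT-Response is computed over this 8-octet challenge, so when the two sides derive different challenges the server's expected response differs from the client's even if the password hash is correct.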


Re: NT domain names and SQL authentication

2005-04-11 Thread Jim Seymour
"Diego M. Vadell" <[EMAIL PROTECTED]> wrote:
> 
> Hi,
>   I've been fighting my ignorance for a week now. I'm trying to set up
> FreeRadius with a Windows XP SP2 supplicant with mschap2 thru an
> "Orinocco" access point.
> I would like to use the username and password of the NT domain, but the
> only way I can get logged in is making XP ask me for the credentials.
> So to make it work, I add a line in users:
[snip]
> 

Go to this link: 

 

And follow the thread by clicking "Next" under "Thread Links" in the
upper left.  That may get you what you want.

Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .



Re: NT domain names and SQL authentication

2005-04-12 Thread Diego M. Vadell
Thank you Jim! Interesting thread. Although it doesn't entirely solve my
problem, I think I'm getting near.

 -- Diego.

On Monday 11 April 2005 23:34, Jim Seymour wrote:
> "Diego M. Vadell" <[EMAIL PROTECTED]> wrote:
> > Hi,
> >   I've been fighting my ignorance for a week now. I'm trying to set up
> > FreeRadius with a Windows XP SP2 supplicant with mschap2 thru an
> > "Orinocco" access point.
> > I would like to use the username and password of the NT domain, but the
> > only way I can get logged in is making XP ask me for the credentials.
> > So to make it work, I add a line in users:
>
> [snip]
>
>
> Go to this link:
>
> 
> l>
>
> And follow the thread by clicking "Next" under "Thread Links" in the
> upper left.  That may get you what you want.
>
> Jim
