Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password
Konne <[EMAIL PROTECTED]> wrote: > but i dont know if this error is something special. or isnt it an error? It's a warning, not an error. > if i like to distinguish admin vlan and user-vlan, how i can do it. i > have no idea. > has someone any idea? What's in the packets? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password
Hi, thx... now its running... :-) but i dont know if this error is something special. or isnt it an error? its that log ok? modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 * rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password.* rlm_mschap: Told to do MS-CHAPv2 for Lehrer with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: cb radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' if i like to distinguish admin vlan and user-vlan, how i can do it. i have no idea. has someone any idea? thx konne J ames J J Hooper schrieb: --On Wednesday, March 29, 2006 15:47:15 +0200 Konne <[EMAIL PROTECTED]> wrote: hi my problem is following: Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X --username=USER --challenge=921647d950709696 --nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2 Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) change the permissions on /var/cache/samba/winbindd_privileged so that the user radius runs as has access to it. e.g: chgrp radiusd /var/cache/samba/winbindd_privileged chmod g+rw /var/cache/samba/winbindd_privileged Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password
Konne <[EMAIL PROTECTED]> wrote: > i searched on the web but i found nothing. someone has an idea? READ the debug output you posted to the list: > Exec-Program-Wait: plaintext: winbind client not authorized to use > winbindd_pam_auth_crap. Ensure permissions on > /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Maybe that text would be relevant... but you have to READ IT. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password
--On Wednesday, March 29, 2006 15:47:15 +0200 Konne <[EMAIL PROTECTED]> wrote: hi my problem is following: Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X --username=USER --challenge=921647d950709696 --nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2 Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) change the permissions on /var/cache/samba/winbindd_privileged so that the user radius runs as has access to it. e.g: chgrp radiusd /var/cache/samba/winbindd_privileged chmod g+rw /var/cache/samba/winbindd_privileged Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with ntlm winbind - No User-Password configured. Cannot create LM-Password
hi my problem is following: ... auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for lehrer with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 5b radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=X --username=USER --challenge=921647d950709696 --nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=X --username=USER --challenge=921647d950709696 --nt-response=5882778194e622a6b9da392d2852d62ceb17144f53e7ced2 Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc022) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: group Auth-Type returns reject for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0xa050d40 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 67 to 10.92.124.2:1645 EAP-Message = 0x010900261900170301001b0e5cfcbdba58b6fa4dff4d6d233650499c90b171a8c8a5ea5c7269 Message-Authenticator = 0x State = 0xcd4008f5215934f6b818f5c3915e05b3 Finished request 6 Going to the next request Waking up in 5 seconds... i searched on the web but i found nothing. someone has an idea? thx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html