Re: pptpd mschap auth fails

the auth fails however when i try conencting from my windows8 client. i need to mention that i am sure i'm inputting correct passwords. No, you're not. [mschap] Found NT-Password [mschap] Creating challenge hash with username: testuser1 [mschap] Told to do MS-CHA

Re: pptpd mschap auth fails

attempts mschapv1) and it gives me the same error [root@be-vpn ~]# radtest -t mschap betatesting1 secret 127.0.0.1 1812 myubersecretpassword Sending Access-Request of id 13 to 127.0.0.1 port 1812 User-Name = "betatesting1" NAS-IP-Address = 127.0.0.1

Re: pptpd mschap auth fails

Horatiu Nimigean wrote: > the auth fails however when i try conencting from my windows8 client. > i need to mention that i am sure i'm inputting correct passwords. No, you're not. > [mschap] Found NT-Password > [mschap] Creating challenge hash with username: t

Re: pptpd mschap auth fails

On 06/08/13 16:04, Horatiu Nimigean wrote: i have pptpd on a centos 6 box configured to use radius for auth. radius in turn checks credentials in ldap. the user in ldap has a samba extension and a configured password (i used ldap account manager to set it up) it also has a sambaNTPassword field a

pptpd mschap auth fails

returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = "testuser1", looking up realm NULL [suffix] No such realm "NULL&q

Re: [again] Error "[mschap] No Cleartext-Password configured. Cannot create LM-Password."

Holger Wesser wrote: > I've googled a while and found different solutions for the error > message: [mschap] No Cleartext-Password configured. Cannot create > LM-Password. There's only one solution: give the server a "known good" password. e.g. Cleartext-Password,

Re: FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

nstalled Ubuntu and build the server with. apt-get build-dep freeradius apt-get install libssl-dev ./configure && make && make install The result is the same. The first time i try to authenticate the mschap module says "ERROR: (0) ERROR: mschap : Abnormal child exit:

Re: [SPAM] FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

On 8 Jun 2013, at 10:30, nicolas@ricoh-industrie.fr wrote: > I have the same problem after upgrade Freeradius to version 3. > Before, ntlm worked very well but it seems that the new version used the ntlm > module differently. Thanks for flagging your email appropriately. Arran Cudbard-Bell

Re: [SPAM] Re: FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

users mailing list De : John Dennis Envoyé par : freeradius-users-bounces+nicolas.clo=ricoh-industrie...@lists.freeradius.orgDate : 07/06/2013 17:12Objet : [SPAM] Re: FreeRADIUS 3.0 : mschap module fails to execute ntlm_authOn 06/07/2013 10:46 AM, Bjarni Hardarson wrote:> I am sure that the ntlm_a

Re: FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

On 06/07/2013 10:46 AM, Bjarni Hardarson wrote: > I am sure that the ntlm_auth file is at /usr/bin/ntlm_auth and if i run it > manually with the expanded attributes i get the NT_KEY. > > root@freelab:/#/usr/bin/ntlm_auth --request-nt-key --username=vpntest > --challenge=d9a8b4d1c188ae1b > --nt-

FreeRADIUS 3-0 : mschap problem.

Hi list, I just tried to upgrade FreeRADIUS to the latest version from git. My goal is to get the passchange feature working in the mschap module. I am unable to get ntlm_auth to work in mschap. debug output, --- Debug: (0) mschap : expand: '--nt-response=%{%{mschap:NT-Response

FreeRADIUS 3.0 : mschap module fails to execute ntlm_auth

Hi list, I just tried to upgrade FreeRADIUS to the latest version from git. My goal is to get the passchange feature working in the mschap module. I am unable to get ntlm_auth to work in mschap. debug output, --- Debug: (0) mschap : expand: '--nt-response=%{%{mschap:NT-Response

Re: [Help] radtest mschap problem

On Sun, Apr 28, 2013 at 1:31 AM, Andres wrote: > Thank you all for your replays, > > I used SLES 11 freeradius standard package and it was too old, > and it was my mistake and took a few days off my life. > Hopefully someone else does not make the same mistake If all you need

Re: [Help] radtest mschap problem

on: 2.1.1-7.16.1 > > also installed freeradius-server-libs and utils > > Why? That version is SEVEN YEARS old. > > Upgrade. Really. > > And you're using a version of radclient which doesn't support mschap. > So... why are you trying to use mschap? > >

Re: [Help] radtest mschap problem

Andres wrote: > FreeRADIUS server Version: 2.1.1-7.16.1 > also installed freeradius-server-libs and utils Why? That version is SEVEN YEARS old. Upgrade. Really. And you're using a version of radclient which doesn't support mschap. So... why are you trying to use mscha

Re: [Help] radtest mschap problem

ats your problem. OLD the current one says this: usage() { echo "Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port -number secret [ppphint] [nasname]" >&2 echo "-d RADIUS_DIR Set radius directory" >&2 echo "

Re: [Help] radtest mschap problem

"Framed-Protocol = PPP" fi ) | $radclient $DICTIONARY -x $3 auth $5 Andres 2013/4/26 > Hi, > > what version of FreeRADIUS? are you sure you arent running old copies of > radclient/radtest > > ie you THINK you can do "-t mschap" but the wrapper or binary

Re: [Help] radtest mschap problem

Hi, what version of FreeRADIUS? are you sure you arent running old copies of radclient/radtest ie you THINK you can do "-t mschap" but the wrapper or binary doesnt radclient -v ? which radtest then cat the resulting file. alan - List info/subscribe/unsubscribe

Re: [Help] radtest mschap problem

mschap testing passme 127.0.0.1 0 testing123456 radclient: Failed to find IP address for host testing: Success . radius:/etc # radtest testing passme 127.0.0.1 0 testing123456 Sending Access-Request of id 177 to 127.0.0.1 port 1812 User-Name = "testing"

Re: [Help] radtest mschap problem

2013/4/26 Chitrang Srivastava > >> Most likely your host file didnt have entry of your domain name, >> dump your hostname and /etc/hosts file here and then we can comment better >> >> On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote: >> >>> Hello All, >&

Re: [Help] radtest mschap problem

Andres wrote: > this way looks my hosts file: Well... something is wrong with DNS on your system. The only advantage to using radtest is that it's simpler than radclient. But it's just a wrapper around radclient. You can edit radtest to remove the DNS lookups, or write your own wrapper whic

Re: [Help] radtest mschap problem

On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote: > >> Hello All, >> >> I'm trying to test mschap with radtest but it gives me strange error >> message. >> I've tried to solve it several days, but had no success. >> >> I'm using synt

Re: [Help] radtest mschap problem

Most likely your host file didnt have entry of your domain name, dump your hostname and /etc/hosts file here and then we can comment better On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote: > Hello All, > > I'm trying to test mschap with radtest but it gives me strange error >

[Help] radtest mschap problem

Hello All, I'm trying to test mschap with radtest but it gives me strange error message. I've tried to solve it several days, but had no success. I'm using syntax like that: $ radtest -t mschap user password 127.0.0.1 0 secret radclient : Failed to find IP address for hos

Re: mschap module vs ntlm_auth module

ng an instance of the "exec" module called > "ntlm_auth". This processes PAP requests, and is tested by forcing Auth-Type > > 2. It then talks about throwing that config away (remove the Auth-Type, > stop using that module) and now configuring the "mschap" mo

Re: mschap module vs ntlm_auth module

Auth-Type 2. It then talks about throwing that config away (remove the Auth-Type, stop using that module) and now configuring the "mschap" module, by setting the "ntlm_auth" helper. It might be a bit confusing that "ntlm_auth" is used twice there - once as the n

Re: mschap module vs ntlm_auth module

d/inner-tunnel file." we dont do that. we just have ntlm_auth as required configured in the mschap module. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

mschap module vs ntlm_auth module

not needed to add it, as freeradius is using mschap module to autenticate. +- entering group MS-CHAP {...} [mschap] Client is using MS-CHAPv1 with NT-Password [mschap] expand: %{Stripped-User-Name} -> oscarrdg [mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}

Fw: [mschap] No Cleartext-Password configured. Cannot createLM-Password.

NAS-IP-Address = 192.168.30.15 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix]

Re: EAP / MSCHAP / Certificate Troubles

gt; This suggests the problem isn't certs, since you're inside the PEAP tunnel > at this point. > > Check that samba/winbind are working ok, patched to the same level, etc. - > it looks like the "well" known "mangling mschap response" issue. > - >

Re: EAP / MSCHAP / Certificate Troubles

looks like the "well" known "mangling mschap response" issue. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP / MSCHAP / Certificate Troubles

Hey, I need a bit of assistance. Brief summary: I have two RADIUS servers connected to different Active Directory domains. I got through the basic setup, EAP-PEAP / MSCHAP were working successfully authenticating against both domains. Then: - I upgraded freeradius on both from 2.1.10 to 2.2.0

Re: Issue with MSCHAP

Roger thanks On Nov 5, 2012 11:35 PM, "Fajar A. Nugraha" wrote: > On Mon, Nov 5, 2012 at 6:47 PM, Ryan Summey wrote: > > Thank you for the help guys really appreciate it. Is there anyway to > > automate this? > > My best advice would be to read "Advanced Bash-Scripting Guide", as > well as "Awk

Re: Issue with MSCHAP

On Mon, Nov 5, 2012 at 6:47 PM, Ryan Summey wrote: > Thank you for the help guys really appreciate it. Is there anyway to > automate this? My best advice would be to read "Advanced Bash-Scripting Guide", as well as "Awk Introduction Tutorial – 7 Awk Print Examples" (hint: use Google), and combine

Re: Issue with MSCHAP

Thank you for the help guys really appreciate it. Is there anyway to automate this? On Nov 5, 2012 12:54 AM, "Fajar A. Nugraha" wrote: > On Mon, Nov 5, 2012 at 6:26 AM, Ryan Summey wrote: > > What do i need to do to enable nt-hash rather than pap? > > That question should be: "how do I put nt-ha

Re: Issue with MSCHAP

On Mon, Nov 5, 2012 at 6:26 AM, Ryan Summey wrote: > What do i need to do to enable nt-hash rather than pap? That question should be: "how do I put nt-hash password in the db"? IIRC the attribute name is "NT-Password" (you use this instead of "Cleartext-Password" as "attribute" in radcheck), an

Re: Issue with MSCHAP

Yes this is VPN sorry for the confusion... DB is a mysql and isnt hosted locally. I created it at my hosting company. I setup a virtual machine with ubuntu server on my desktop with everything i need. This all works with clear-text passwords from my phone. What do i need to do to enable nt-hash

Re: Issue with MSCHAP

Hi, >yeah i haven't touched anything just setup ubuntu server + pptp + >freeradius + mysql thats it.  ah. VPN stuff - you should have clarified the pointers about TTLS etc from others was for enterprise wireless (WPA2/AES - aka WPA/RADIUS) 2 step approach - secure access to the DB i

Re: Issue with MSCHAP

yeah i haven't touched anything just setup ubuntu server + pptp + freeradius + mysql thats it. My phone is android and in the vpn settings it has pptp options but i cant select eap-ttls .. its ppp encryption(MPPE) and that uses mschapv2 i believe. How would i get this to work using a encrypted pas

Re: Issue with MSCHAP

Hi, >Is there any tutorials on how to do this ? choose EAP-TTLS/PAP on the client. so long as you havent butchered your eap.conf (of mods-enabled/eap on FR 3.x) then it will just work. (EAP-TTLS is one of the EAP methods that FR natively supports) you can use eapol_test (part of wpa_suppl

Re: Issue with MSCHAP

gt;> including configuration file /etc/freeradius/modules/echo >> including configuration file /etc/freeradius/modules/expiration >> including configuration file /etc/freeradius/modules/files >> including configuration file /etc/freeradius/modules/mac2vlan >> including con

Re: Issue with MSCHAP

Your only choices are outlined at the url you were given I'm afraid - store the cleartext or nt hash of the password, which will entail a password change (or capture); or switch to eap-ttls/pap. This is a property of the cryptographic aspects of the algorithms in question and can't be worked ar

Re: Issue with MSCHAP

ng configuration file /etc/freeradius/modules/files >> including configuration file /etc/freeradius/modules/mac2vlan >> including configuration file /etc/freeradius/modules/acct_unique >> including configuration file /etc/freeradius/modules/krb5 >> including configuration file /et

Re: redundant load balancing and mschap

On 08/24/2012 11:53 PM, McNutt, Justin M. wrote: The underlying problem is that I have four production RADIUS servers that all seem to choose the same domain controller, which is not only a lot of load, but it's a bad idea in terms of fault tolerance. I agree about the fault tolerance. In my ex

RE: redundant load balancing and mschap

cnuttj=missouri@lists.freeradius.org [mailto:freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Friday, August 24, 2012 4:23 PM To: freeradius-users@lists.freeradius.org Subject: Re: redundant load balancing and mschap On 08/24/2012 08:11 PM, McNutt,

RE: redundant load balancing and mschap

ts.freeradius.org Subject: Re: redundant load balancing and mschap On 08/24/2012 08:11 PM, McNutt, Justin M. wrote: > Grrr... > This is probably a Samba issue - a known one? - but I can't seem to > get AD authentications to hit multiple DCs. Everything goes to the > one This is indeed

RE: redundant load balancing and mschap

lto:freeradius-users-bounces+mcnuttj=missouri@lists.freeradius.org] On Behalf Of alan buxey Sent: Friday, August 24, 2012 3:59 PM To: FreeRadius users mailing list Subject: Re: redundant load balancing and mschap Hi, >Authentication *works*, but all authentications go to the same DC

Re: redundant load balancing and mschap

On 08/24/2012 08:11 PM, McNutt, Justin M. wrote: Grrr... This is probably a Samba issue - a known one? - but I can't seem to get AD authentications to hit multiple DCs. Everything goes to the one This is indeed a Samba issue, and unfortunately a hard one to fix. ntlm_auth doesn't talk over th

Re: redundant load balancing and mschap

Hi, >Authentication *works*, but all authentications go to the same DC (the one >specified in "mschap2").  Running "radiusd -X" shows that all mschap1/2/3 >instances are being called, and no authentication *attempts* are being >sent to the other two domain controllers.  (1 and 3 ar

Re: redundant load balancing and mschap

McNutt, Justin M. wrote: > Grrr... > > This is probably a Samba issue - a known one? - but I can't seem to get > AD authentications to hit multiple DCs. Everything goes to the one > listed in /etc/samba/smb.conf (which may be a coincidence). That's how the NT protocols work, IIRC. You need

redundant load balancing and mschap

Grrr... This is probably a Samba issue - a known one? - but I can't seem to get AD authentications to hit multiple DCs. Everything goes to the one listed in /etc/samba/smb.conf (which may be a coincidence). I set up several mschap instances like so: mschap mschap1 { ... ntlm_auth -s

Re: buffer overflow on mschap reject

Hi, > # radiusd -X | head -1 > FreeRADIUS Version 2.1.11, for host x86_64-pc-linux-gnu, built on Jun 11 > 2012 at 11:10:29 does it do it with 2.1.12 - which was released in september last year alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: buffer overflow on mschap reject

for your help. I'm guessing this shouldn't crash with the example >> config? maybe the mschap stuff bloats the reply too much? > > doesnt crash here - what code release are you using? # ntlm_auth -V Version 3.5.15 # radiusd -X | head -1 FreeRADIUS Version 2.1.11, for host x

Re: buffer overflow on mschap reject

Hi, > I did have a retry_msg which was left as the default value of > > retry_msg = "Re-enter (or reset) the password" > > After I commented out this line the problem went away. > > Thanks for your help. I'm guessing this shouldn't crash with the exampl

Re: buffer overflow on mschap reject

lem went away. Thanks for your help. I'm guessing this shouldn't crash with the example config? maybe the mschap stuff bloats the reply too much? > >>> *** buffer overflow detected ***: radiusd terminated >>> === Backtrace: = > > Reading doc/bu

Re: buffer overflow on mschap reject

Hi, > Matt Richards wrote: if you send me the small bits of mschap config you have made i'll run it on my debug/testing platform alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: buffer overflow on mschap reject

Matt Richards wrote: > Hello, > > I have got radius setup to authenticate wireless clients using MS-CHAP > and everything works correctly if the entered user / pass is correct. > > If the password is wrong, however, I get a buffer overflow error and > radiusd dies. You probably set the "retry_

buffer overflow on mschap reject

... > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/mschapv2 > [eap] processing type mschapv2 > [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > [mschapv2] +- entering group MS-CHAP {...} > [mschap] Creatin

Re: PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

; >Alan DeKok wrote: > >>Phil Mayers wrote: >>> Am I being dumb / getting something wrong or does the post-auth >session >>> not get called if PEAP/MSCHAP returns a reject? >>> >>> It seems to run for successful auths, but not failures. >> >>

Re: PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

>> Am I being dumb / getting something wrong or does the post-auth session >> not get called if PEAP/MSCHAP returns a reject? >> >> It seems to run for successful auths, but not failures. > > That is the case. > >> This is in the context of us not seeing l

Re: PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

On 05/19/2012 12:37 PM, alan buxey wrote: Hi, Am I being dumb / getting something wrong or does the post-auth session not get called if PEAP/MSCHAP returns a reject? It seems to run for successful auths, but not failures. That is the case. This is in the context of us not seeing log

Re: PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

Hi, > > Am I being dumb / getting something wrong or does the post-auth session > > not get called if PEAP/MSCHAP returns a reject? > > > > It seems to run for successful auths, but not failures. > > That is the case. > > > This is in the context of

Re: PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

Phil Mayers wrote: > Am I being dumb / getting something wrong or does the post-auth session > not get called if PEAP/MSCHAP returns a reject? > > It seems to run for successful auths, but not failures. That is the case. > This is in the context of us not seeing log messag

PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

Am I being dumb / getting something wrong or does the post-auth session not get called if PEAP/MSCHAP returns a reject? It seems to run for successful auths, but not failures. This is in the context of us not seeing log messages for EAP auth failures; I suspect that the client may just "

Re: MSCHAP Errors

Hi, >I am Working on Upgrading my Ubuntu to the Ubuntu 12.04 LTS and then I >will retry the PEAP Authentication >I will keep you posted with my results. I cant spoon feed you with all your required details - I have a day job too... if you use Ubuntu, then it uses a different name >

Re: MSCHAP Errors

Gilmour, Scott wrote: > I am Working on Upgrading my Ubuntu to the Ubuntu 12.04 LTS and then I > will retry the PEAP Authentication > I will keep you posted with my results. Upgrading won't help. > root@FreeRadius:/home/sqauser# radius -X > No command 'radius' found, did you mean: > Command 'r

Re: MSCHAP Errors

Thanks, I am Working on Upgrading my Ubuntu to the Ubuntu 12.04 LTS and then I will retry the PEAP Authentication I will keep you posted with my results. root@FreeRadius:/home/sqauser# radius -X No command 'radius' found, did you mean: Command 'radiusd' from package 'radiusd-livingston' (universe

Re: MSCHAP Errors

What does the server try to run when actually dealing with your client? radius -X will show you, you can then try running that command yourself. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MSCHAP Errors

Hi, I have been unable to get a PEAP user to work, but I was able to get a TLS User to work. It keeps on failing for MSCHAP. I tried to change the mschap module settings but this made no difference. I am currently using samba 3.5 with active directory. Does my ntlm_auth path look correct? Thanks

Re: MSCHAP Errors

ll fail with an access-reject >leaving me to believe it has something to do with the MSCHAP module.  I >anm still investigating. what version of SAMBA? 3.0.x wil be fine, as will 3.5.x and 3.6.x latest versions, you may have all kinds of issues with 3.1.x through to 3.4.x. also, when

Re: MSCHAP Errors

access-reject leaving me to believe it has something to do with the MSCHAP module. I anm still investigating. Thanks Scott On Mon, May 14, 2012 at 1:55 PM, James J J Hooper [via FreeRadius] < ml-node+s1045715n5709347...@n5.nabble.com> wrote: > On 11/05/2012 13:35, Phil Mayers wrote: >

Re: MSCHAP Errors

denied (0xc022) Fri May 11 08:08:13 2012 : Debug: Exec-Program: returned: 1 Fri May 11 08:08:13 2012 : Info: [mschap] External script failed. Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect The "ntlm_auth" helper is returning errors. Try the command fr

Re: MSCHAP Errors

: Debug: Exec-Program: returned: 1 Fri May 11 08:08:13 2012 : Info: [mschap] External script failed. Fri May 11 08:08:13 2012 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect The "ntlm_auth" helper is returning errors. Try the command from the CLI and examine the output.

MSCHAP Errors

Hi, I am running freeradius with Ubuntu and with the Active Directory Configuration. When doing PEAP authentication I keep on getting a MSCHAP Error. Not sure where to make changes or what changes to make. Is there something I need to add in the Radiusd.conf or the eap.conf file? Thanks in

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

hup'd it until it got >>> borked. Seems to me like the mschap module gets somehow lost during the hup: >> >> That's enough to tell what's going on. >> >> Try grabbing the "v2.1.x" branch from git. It has a fix. > > Just to confirm

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Hi, On Fri, Apr 13, 2012 at 05:23:22PM +0200, Alan DeKok wrote: > Jan Weiher wrote: > > I had some sparetime and was able to have a deeper look at it. What I > > did is basically running freeradius -X and then hup'd it until it got > > borked. Seems to me like the mscha

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Jan Weiher wrote: > I had some sparetime and was able to have a deeper look at it. What I > did is basically running freeradius -X and then hup'd it until it got > borked. Seems to me like the mschap module gets somehow lost during the hup: That's enough to tell what's g

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

>> I'm wondering if the mschap module somehow gets its internal state >> muddled on a HUP, and starts sending the wrong challenge response. >> ntlm_auth from the command line works fine when FR has a problem. Hi, I had some sparetime and was able to have a deeper lo

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Matthew Newton wrote: > I've just replicated the problem by repeatedly HUPping freeradius, > with about 10 second gaps between. On the 8th or so try, the same > issue hit. Stopping and starting FR fixed it. Maybe valgrind helps. It doesn't say anything for me... > I

Re: adding mschap to an existing ttls/pap setup

Brian Gold wrote: > Ok, new pastebin: http://pastebin.com/5f2W3PjN > I've confirmed that I don't have "Auth-Type := LDAP" anywhere in my > configuration. Did you try checking the "set_auth_type" entry in the ldap module config, as suggested in another post? > The sambaNTPassword hash was incor

RE: adding mschap to an existing ttls/pap setup

users mailing list > Subject: Re: adding mschap to an existing ttls/pap setup > > Brian Gold wrote: > > We currently have an existing freeradius setup using eap-ttls/pap with > > an openldap backend. Up until now, our userPassword has always been SHA > > encoded. I've been

RE: adding mschap to an existing ttls/pap setup

> Hi, > > I think I had a similar problem and fixed it by setting set_auth_type = no in > modules/ldap. But I'm not sure if this is the only thing I > changed... > > all the best, > Jan I have the same behavior after making this change unfortunately. - List info/subscribe/unsubscribe? See http

Re: adding mschap to an existing ttls/pap setup

Brian Gold wrote: > We currently have an existing freeradius setup using eap-ttls/pap with an > openldap backend. Up until now, our userPassword has > always been SHA encoded. I've been working to add sambaNTPassword hashes so > that we can use either eap-ttls/mschap or peap/m

Re: adding mschap to an existing ttls/pap setup

Am 12.04.2012 17:49, schrieb Brian Gold: > We currently have an existing freeradius setup using eap-ttls/pap with an > openldap backend. Up until now, our userPassword has > always been SHA encoded. I've been working to add sambaNTPassword hashes so > that we can use either e

adding mschap to an existing ttls/pap setup

We currently have an existing freeradius setup using eap-ttls/pap with an openldap backend. Up until now, our userPassword has always been SHA encoded. I've been working to add sambaNTPassword hashes so that we can use either eap-ttls/mschap or peap/mschap. I've got the nt hashes se

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

> So that seems to indicate it's the HUP that causes the problem. Okay, I thought it might me the config a.k.a "me"... I think I'm going to modify the logrotate script until this issue is fixed. best, Jan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

On Thu, Apr 12, 2012 at 04:45:56PM +0200, Jan Weiher wrote: > Am 12.04.2012 16:32, schrieb Matthew Newton: > > I'll dig a bit more, but the easy solution is to change the > > logrotate script to restart, rather than reload/HUP. > > > > Yes, that would be a solution for me as well, because when lo

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Hi, Am 12.04.2012 16:32, schrieb Matthew Newton: > > I'll dig a bit more, but the easy solution is to change the > logrotate script to restart, rather than reload/HUP. > Yes, that would be a solution for me as well, because when logrotate runs, the freeradius server is basically idle, but I don

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Hi, On Thu, Apr 12, 2012 at 03:59:56PM +0200, Jan Weiher wrote: > I've got a strange problem with FR 2.1.12, sometimes (not always) when > logrotate ran, freeradius goes bonkers and responds to every pap request > with "mschap xlat failed". Restarting FR fixes this magica

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

with FR 2.1.12, sometimes (not always) when >> logrotate ran, freeradius goes bonkers and responds to every pap request >> with "mschap xlat failed". Restarting FR fixes this magically and all >> works fine again. I created a small and hackish script, which restarts >&

Re: kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

On 04/12/2012 09:59 AM, Jan Weiher wrote: Hi, I've got a strange problem with FR 2.1.12, sometimes (not always) when logrotate ran, freeradius goes bonkers and responds to every pap request with "mschap xlat failed". Restarting FR fixes this magically and all works fine again. I

kill -HUP sometimes causes "rlm_pap: mschap xlat failed"

Hi, I've got a strange problem with FR 2.1.12, sometimes (not always) when logrotate ran, freeradius goes bonkers and responds to every pap request with "mschap xlat failed". Restarting FR fixes this magically and all works fine again. I created a small and hackish script, which r

Re: Minor typo in master/raddb/mods-available/mschap

James J J Hooper wrote: > --- mschap-orig2012-04-08 00:39:44.0 +0100 > +++ mschap-new2012-04-08 00:41:06.0 +0100 > @@ -78,3 +78,3 @@ > #ntlm_auth_username = "username: %{mschap:User-Name}" > -#ntlm_auth_domain = &quo

Minor typo in master/raddb/mods-available/mschap

--- mschap-orig 2012-04-08 00:39:44.0 +0100 +++ mschap-new 2012-04-08 00:41:06.0 +0100 @@ -78,3 +78,3 @@ # ntlm_auth_username = "username: %{mschap:User-Name}" -# ntlm_auth_domain = "username: %{mschap:NT-Domain}" +# nt

AW: AW: MSCHAP Auth fails

Alan DeKok Gesendet: Mittwoch, 4. April 2012 18:43 An: FreeRadius users mailing list Betreff: Re: AW: MSCHAP Auth fails Go back and ensure that there is only ONE mschap module in the "modules" directory. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AW: MSCHAP Auth fails

Weber, Felix wrote: > Just looked at this line in my config there is a "--ntresponse" instead > of "#ntresponse" That's bad. > In my mschap module the ntresponse parameter is written with "--", so > why is radtest interpreting it with an "#&

AW: MSCHAP Auth fails

Just looked at this line in my config there is a "--ntresponse" instead of "#ntresponse" [mschap]expand: #ntresponse=%{mschap:NT-Response:-00} -> #ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5 Exec-Program output: Logon failure (0xc06d) Exec-

AW: MSCHAP Auth fails

Tested both at radtest USER@DOMAIN and DOMAIN\\USER, nothing worked. Configured krb5.conf and smb.conf with domain and local ntlm_auth works fine on the machine. And in mschap module this line has beed added: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:

RE: MSCHAP Auth fails

# Executing group from file /etc/raddb/sites-enabled/packetfence +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv1 with NT-Password [mschap]expand: %{Stripped-User-Name} -> [mschap]... expanding second conditional [mschap]expand: %{mschap:User-Name:-N

MSCHAP Auth fails

been added to users: DEFAULT Auth-Type = mschap This is the output from radtest: radtest -t mschap User001 USERPW localhost 0 s3cr3t Sending Access-Request of id 61 to 127.0.0.1 port 1812 User-Name = "User001" NAS-IP-Address = 172.16.28.168 NAS-Port

  1   2   3   4   5   6   7   >