On Fri, Mar 30, 2012 at 7:26 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Fri, Mar 30, 2012 at 4:22 AM, Thomas Fagart tfag...@brozs.net wrote:
As I was not very familiar with MS-CHAP, I've googled a little and it seems
to me that my goal (ie ms chapv2 welcome server without having user/passwd
On Fri, Mar 30, 2012 at 6:54 AM, Timothy White timwhit...@gmail.com wrote:
Is it possible on the proxy server, to catch the challenge and
response when the normal server is running, store them, and then issue
the same challenge and same chap-success from the welcome server
when another request
.1045715.n5.nabble.com/mschap-NTLM-and-different-membership-of-with-variables-tp5433169p5433223.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NdK wrote:
On 20/01/2012 21:46, Alan DeKok wrote:
Yeah, I've gone and fixed that. git is nice for updating web pages.
Still there's Then, fine the mschap module. s/fine/find/ :)
Fixed, thanks.
BTW, in a real AD setup, with AD servers used as DNS, there should be no
need to setup
Thanks ndk and alan I'll give it a fresh try to the testbed. I have
already deleted the DEFAULT entry from the users file and updated mschap as
indicated. I think what might be forcing NTLM_AUTH is an entry which I made
to the authorize section of default file after which ntlm_auth started
-Port = 0
Sat Jan 21 19:21:08 2012 : Info: +- entering group authorize {...}
Sat Jan 21 19:21:08 2012 : Info: ++[preprocess] returns ok
Sat Jan 21 19:21:08 2012 : Info: ++[chap] returns noop
Sat Jan 21 19:21:08 2012 : Info: ++[mschap] returns noop
Sat Jan 21 19:21:08 2012 : Info: [suffix] No '@' in User
On 20/01/2012 21:46, Alan DeKok wrote:
Yeah, I've gone and fixed that. git is nice for updating web pages.
Uh... forgot... When using ntlm_auth with a password, --request-nt-key
seems to have no effect. Tested in different distros.
BYtE,
Diego.
already in the latest version.
If yes, you'd know that:
- radtest can send mschap request as well (see 'radtest -h')
The only changes I have done to default config is in the inner tunnel or
default file. Attaching the same if you may have a look. I have never
blamed Alan that his recipe is flawed
Dhiraj Gaur wrote:
The version of radtest on my system doesn't support the -t option, hence
even after doing radtest -h I could not find anything.
Upgrade. It really helps.
Alan DeKok.
which client you use, IF you're
familiar-enough with it and know how to use it. However, your posted
log still shows you use pap. So that either means:
- you don't know how to send mschap request using that client, or
- you haven't got pap working correctly, or
- you don't know the difference
against file based and SQL based authentication in radius. NTLM_AUTH using
PAP also works fine, wherein plaintext password is successfully
authenticated against the AD and I get an Access-Accept. However when I
pass the same credentials over CHAP, MSCHAP or EAP_MSCHAP the same is not
working and I
the same credentials over CHAP, MSCHAP or EAP_MSCHAP the same is
not working and I end up in a Access-Reject.
CHAP will *not* work with AD. See my web site:
http://deployingradius.com/documents/protocols/compatibility.html
Seems like that the
ntlm_auth program is not parsing the received
in authenticating wifi users
against file based and SQL based authentication in radius. NTLM_AUTH
using PAP also works fine, wherein plaintext password is successfully
authenticated against the AD and I get an Access-Accept. However when
I pass the same credentials over CHAP, MSCHAP or EAP_MSCHAP
On 20/01/2012 17:17, Dhiraj Gaur wrote:
Thanks for the reply. I already followed your site and was able to make
ntlm_auth work. For MS-CHAP the AD page of your site says
Start the server and use a test client to send an MS-CHAP
authentication request. The |radclient| cannot currently
Dhiraj Gaur wrote:
rt the server and use a test client to send an MS-CHAP
authentication request. The |radclient| cannot currently be used to send
this request, unfortunately, which makes testing a little difficult If
everything goes well, you should see the server returning an
Access-Accept
On 20/01/2012 19:44, Alan DeKok wrote:
The radclient program has since been updated.
Then it could be better to update that page, since it's the reference
for all newbies that try to make it work.
You hard-coded it to *always* do NTLM authentication, using the PAP
credentials. Then
NdK wrote:
The radclient program has since been updated.
Then it could be better to update that page, since it's the reference
for all newbies that try to make it work.
Yeah, I've gone and fixed that. git is nice for updating web pages.
It *should* work is more correct :(
There still
-Identifier = mw-ltqN3-P2-01
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = PDVSA2000\torrealbaw, looking up realm NULL
[suffix
Erick Rojas Bastidas wrote:
I configured Freeradius 2.1.10 Debian 6.0.2 using EAP-TLS
authentication. I generated the client and server certificates with XP
extension. I created my certificates in the freeradius server, is that
ok? or I have to create it in a different machine? I am
{...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
[mschap] Creating challenge hash with username: PDVSA2000\TORREALBAW
@lists.freeradius.org
Subject: Re: LDAP/MSCHAP
Andreas Rudat ru...@endstelle.de wrote:
On 12.11.2011 23:00, Sven Hartge wrote:
This also means you have to protect those Hashes inside your database
like a raw cleartext password, as you can authenticate to any Windows
box with the knowledge of the NT/LM
On 12.11.2011 23:00, Sven Hartge wrote:
Sven Hartge s...@svenhartge.de wrote:
Andreas Rudat ru...@endstelle.de wrote:
On 11.11.2011 03:56, Fajar A. Nugraha wrote:
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten ggat...@waddell.com wrote:
I agree with Jake, in that I *think* it would be
Andreas Rudat ru...@endstelle.de wrote:
On 12.11.2011 23:00, Sven Hartge wrote:
This also means you have to protect those Hashes inside your database
like a raw cleartext password, as you can authenticate to any Windows
box with the knowledge of the NT/LM-Hash.
This has been exploited by
On 11.11.2011 03:56, Fajar A. Nugraha wrote:
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten ggat...@waddell.com wrote:
I agree with Jake, in that I *think* it would be possible to have a plugin
or whatever interface with LDAP/AD in the same manner ntlm_auth does. I
don't think one *needs* a
On 11/12/2011 06:43 PM, Andreas Rudat wrote:
But if that works, why then all are saying that you can just work with
plaintext? It's really confusing.
If you have the plaintext, you can generate any hash, and of course
perform any auth mechanism.
Andreas Rudat ru...@endstelle.de wrote:
On 11.11.2011 03:56, Fajar A. Nugraha wrote:
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten ggat...@waddell.com wrote:
I agree with Jake, in that I *think* it would be possible to have a
plugin or whatever interface with LDAP/AD in the same manner
Sven Hartge s...@svenhartge.de wrote:
Andreas Rudat ru...@endstelle.de wrote:
On 11.11.2011 03:56, Fajar A. Nugraha wrote:
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten ggat...@waddell.com wrote:
I agree with Jake, in that I *think* it would be possible to have a
plugin or whatever
On 11/10/2011 11:36 PM, Sallee, Stephen (Jake) wrote:
Please forgive the interjection, but does anyone know of a helper
module like ntlm_auth that would work with LDAP, seems like such a
tool would make questions like this a non-issue.
MSCHAP is a challenge-response mechanism. To execute
wanting to do MSCHAP must have either:
1. The NT or LM hashes
2. The cleartext password, to generate the NT/LM hashes
3. Access to a system which will perform the MSCHAP crypto for them
(i.e. a domain controller, access via samba/ntlm_auth)
If you're talking about writing something
Whitlow, Michael wrote:
I am really close to a successful Freeradius implementation for 802.1X
wireless using LDAP authentication on the back end.
Are you sure the backend is LDAP, and not AD?
If it's AD, see my web page: http://deployingradius.com
It has complete instructions for
Gary Gatten wrote:
I agree with Jake, in that I *think* it would be possible to have a plugin or
whatever interface with LDAP/AD in the same manner ntlm_auth does.
It's possible to have a plugin, but there is no benefit. FreeRADIUS
already has an LDAP plugin.
The *only* reason for
but nothing I have found yet will help me.
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: mwhitlow
[mschap
Hi,
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
store your passwords in the LDAP as NT-Password or LM-Password
hashes. this then allows the PEAP/MSCHAPv2 method of EAP to work.
alan
the authentication itself, but instead passes the users
authentication credentials to another system.
This does NOT work with MSCHAP, since the RADIUS server _does not have_
the complete authentication credentials in this case, it is missing the
password. The only thing it has, is the hashed version
To: freeradius-users@lists.freeradius.org
Subject: Re: LDAP/MSCHAP
Whitlow, Michael mwhit...@bumail.bradley.edu wrote:
I am really close to a successful Freeradius implementation for 802.1X
wireless using LDAP authentication on the back end.
Nope, you are not very close.
You _cannot_ use any LDAP
Sallee, Stephen (Jake) jake.sal...@umhb.edu wrote:
Please forgive the interjection, but does anyone know of a helper
module like ntlm_auth that would work with LDAP, seems like such a
tool would make questions like this a non-issue.
No, will not work. You can't transform the normally used
@lists.freeradius.org
freeradius-users@lists.freeradius.org
Subject: Re: LDAP/MSCHAP
Sallee, Stephen (Jake) jake.sal...@umhb.edu wrote:
Please forgive the interjection, but does anyone know of a helper
module like ntlm_auth that would work with LDAP, seems like such a
tool would make questions
On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten ggat...@waddell.com wrote:
I agree with Jake, in that I *think* it would be possible to have a plugin or
whatever interface with LDAP/AD in the same manner ntlm_auth does. I don't
think one *needs* a cleartext password, but does need some way to
Hi all!
How it is possible to add restriction on group at mschap?
Just --require-membership-of=GROUP-NAME not working
Thanks for the answer.
On 28 Sep 2011, at 21:18, Alan DeKok wrote:
scoth wrote:
I'm stuck in my testing. I have configured and reconfigured my freeradius
and keep getting back to the same error:
[mschap] ERROR: User-Name (RC24558\jojo) is not the same as MS-CHAP Name
(jojo) from EAP-MSCHAPv2
That data
Arran Cudbard-Bell wrote:
Which standard says that the MSCHAPv2 identity and the PEAP Inner identity
have to match?
Nothing, really.
The issue is more sanity and security.
Alan DeKok.
/etc/raddb/modules/perl
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/ippool
On 28 Sep 2011, at 09:50, sekchel lee wrote:
mysql> select * from radcheck;
+----+----------+-----------+----+-------+
| id | username | attribute | op | value |
I'm stuck in my testing. I have configured and reconfigured my freeradius
and keep getting back to the same error:
[mschap] ERROR: User-Name (RC24558\jojo) is not the same as MS-CHAP Name
(jojo) from EAP-MSCHAPv2
I was able to use the mschap-username to successfully authenticate to ldap
scoth wrote:
I'm stuck in my testing. I have configured and reconfigured my freeradius
and keep getting back to the same error:
[mschap] ERROR: User-Name (RC24558\jojo) is not the same as MS-CHAP Name
(jojo) from EAP-MSCHAPv2
That data is sent by the Windows box, and isn't under
: MSCHAP / NTLM_AUTH failure on expired AD password; out of
synccached creds / AD password.
Garber, Neal wrote:
For now, this is working as designed because FR doesn't support password
change via MSCHAP. Recently, there was a thread talking about
supporting retry and Phil Mayers wrote
Gary Gatten wrote:
Is 3.0 avail now to test, or should I find that string and implement said
patch on 2.1.10?
http://git.freeradius.org
Follow the instructions for the master branch.
Alan DeKok.
Gary Gatten wrote:
There are some minor diffs between the doc on “deployingradius.com” and
the embedded doc in the mschap module. Which one should I use?
They should both work. There is no one magic source of
documentation which applies perfectly to all situations. Instead, some
amount
file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration
file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc
FR is configured to send the auth request to AD (MSCHAP
only, Aruba terminates PEAP) using NTLM_AUTH.
Why do you want Aruba to terminate PEAP?
If it IS expired, MSCHAP (or NTLM_AUTH) seems to always
return a reject.
See below...
Also, with new users an account is created
Garber, Neal wrote:
For now, this is working as designed because FR doesn't support password
change via MSCHAP. Recently, there was a thread talking about
supporting retry and Phil Mayers wrote and submitted a patch to
provide retry password change for MSCHAP (thank you Phil
Doty, Seth wrote:
I have downloaded and installed the git repo version of what will become
2.1.11 on May 10 because of a proxy bug that is fixed in this version.
In our current testing setup freeradius takes all information from the
realm and passes in to a MS network policy server for
Hello,
There are some minor diffs between the doc on deployingradius.com and the
embedded doc in the mschap module. Which one should I use? Specifically, what
is the correct ntlm_auth command string, and should I enable the
with_ntdomain_hack in the mschap module?
TIA!
Gary
PAP works, MSCHAP fails - specifically MSCHAPv2.
This is a fresh install of 2.1.10, built from source. I'm using ntlm_auth;
samba version 3.0.33-3.7.el5 I also have version 2.1.6 running on the same box
and it mostly works: seems to work with everything except Winblows7, hence I
installed
On 05/11/2011 09:12 PM, Gary Gatten wrote:
PAP works, MSCHAP fails – specifically MSCHAPv2.
This is a fresh install of 2.1.10, built from source. I’m using
ntlm_auth;
No, you're not:
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password
mailing list'
Subject: RE: MSCHAP failing on new 2.1.10 install
Did you see this in your debug output:
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: netengtest
On 05/11/2011 09:29 PM, Gary Gatten wrote:
PS: I apparently have to leave the “DEFAULT Auth-Type = ntlm_auth “ in
the users file or “nothing” works. FWIW I am exclusively using
Leave?
There's no line like this in the default configs.
AD/ntlm_auth for all auth types, so hopefully this won’t
=waddell@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On
Behalf Of Phil Mayers
Sent: Wednesday, May 11, 2011 3:38 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: MSCHAP failing on new 2.1.10 install
On 05/11/2011 09:12 PM, Gary Gatten
] On
Behalf Of Phil Mayers
Sent: Wednesday, May 11, 2011 3:41 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: MSCHAP failing on new 2.1.10 install
On 05/11/2011 09:29 PM, Gary Gatten wrote:
PS: I apparently have to leave the DEFAULT Auth-Type = ntlm_auth in
the users file or nothing works
+- entering group authorize {...}
[preprocess]expand: %{NAS-IP-Address} -> 1.1.2.4
[preprocess]expand: %{NAS-IP-Address} -> 1.1.2.4
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name
On 05/11/2011 05:07 PM, Gary Gatten wrote:
Here's a debug from the 2.1.6 that's working... Wait a sec I
think I MAY have found something. I'm making backup copies of the
files with a .org extension... I bet it's reading the .org files and
overwriting my changes. Standby
Yes,
a LONG time for this one. Maybe I can/will
submit a feature request for such a thing...
Gary
-Original Message-
From: John Dennis [mailto:jden...@redhat.com]
Sent: Wednesday, May 11, 2011 4:17 PM
To: FreeRadius users mailing list
Cc: Gary Gatten
Subject: Re: MSCHAP failing on new 2.1.10
Hi,
Quick test shows this is working now. Not tested enough yet to claim
victory, but I'm not scratching my head going WTF I VAGUELY recall
burning myself several years ago when I started playing with FR, hence why I
remembered it - finally!
If I feel froggy I MAY tweak the source
To: FreeRadius users mailing list
Subject: Re: MSCHAP failing on new 2.1.10 install
Hi,
Quick test shows this is working now. Not tested enough yet to claim
victory, but I'm not scratching my head going WTF I VAGUELY recall
burning myself several years ago when I started playing with FR
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On
Behalf Of Alan Buxey
Sent: Wednesday, May 11, 2011 4:46 PM
To: FreeRadius users mailing list
Subject: Re: MSCHAP failing on new 2.1.10 install
Hi,
Quick test shows this is working now. Not tested enough yet
John Dennis wrote:
On 05/11/2011 05:07 PM, Gary Gatten wrote:
Here's a debug from the 2.1.6 that's working... Wait a sec I
think I MAY have found something. I'm making backup copies of the
files with a .org extension... I bet it's reading the .org files and
overwriting my changes.
Arran Cudbard-Bell wrote:
Can't you include files by pattern match or am i imagining a feature?
That would be a new feature.
Alan DeKok.
hi,
To all Cisco guys out there how can I make a NAS(Cisco 2960 switch) to
send MSCHAP requests to FR server instead of PAP requests.
what makes you even think it can? are you talking about the cisco switch
device itself for local admin access etc or are you talking about end clients
Hello,
To all Cisco guys out there how can I make a NAS(Cisco 2960 switch) to send
MSCHAP requests to FR server instead of PAP requests.
Thanks,
Raheel
robert22 wrote:
Interestingly, when I launch freeradius -X for debug mode, I see the
following in the startup info:
...
Is this secret what is being used by the freeradius?? As I have no idea
where this is coming from as I have replaced all instances of the
testing123 in all of the configs I
On 03/04/2011 01:32 AM, robert22 wrote:
Phil Mayers wrote:
Are you sure the mschap client is using the right password, and matches
the password in the domain?
Can you do a plaintext auth with the password you expect it to be?
ntlm_auth --username= --password=
Works fine with plaintext
Hi,
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
...
Is this secret what is being used by the freeradius??
=0024D6650564
--password=Pa$$w0rd
NT_STATUS_OK: Success (0x0)
The password Pa$$w0rd is set in the Wireless Controller, if
that's what you
mean by mschap client?
May I suggest two things:
1) I'm assuming that the password is not actually 'Pa$$w0rd', but that string
reminds me
Hi,
program = /usr/bin/ntlm_auth --request-nt-key --domain=MY.ACTUAL.DOMAIN
--username=%{mschap:User-Name} --password=%{User-Password}
I haven't changed anything to the users file except adding in a test local
user as part of the initial FreeRadius install guide, and uncommenting the
to make sure I haven't missed anything.
Hi,
I'm using Samba version 3.5.4 and FreeRADIUS Version 2.1.9 on Ubuntu 10.10.
same 3.5.x early releases had weird bugs. believe this is fixed since samba
3.5.6
alan
I'm using Samba version 3.5.4 and FreeRADIUS Version 2.1.9
on Ubuntu 10.10.
I'm using 3.5.4 and FreeRADIUS 2.1.7. Should be okay.
--J
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap]expand: --username=%{mschap:User-Name:-None} ->
--username=001E52805980
[mschap] No NT-Domain was found in the User-Name.
[mschap]expand: %{mschap:NT-Domain
fine with our current Windows 2003 Server but I'm trying to
get it going with
FreeRadius.
the mschap module line in MSCHAP for ntlm_auth is as such:
...
I forgot to mention: Also check that winbind is working like this:
wbinfo --all-domains
If you don't see a list of all valid NT-style
also upgraded to 3.5.7 samba as well.
I have no idea about the --request-nt-key to be honest, that was just part
of the wiki/documentation I followed...
Logon failure (0xc06d)
Well, that's pretty clear. The response is not valid, meaning that
either the password is wrong somewhere, or samba is corrupting things
(which has happened in some buggy versions)
Are you sure the mschap client is using the right password, and matches
the password
Phil Mayers wrote:
Are you sure the mschap client is using the right password, and matches
the password in the domain?
Can you do a plaintext auth with the password you expect it to be?
ntlm_auth --username= --password=
Works fine with plaintext auth:
root@FREERADIUS:/etc
with our current Windows 2003 Server but I'm trying to get it going with
FreeRadius.
the mschap module line in MSCHAP for ntlm_auth is as such:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-MY.ACTUAL.DOMAIN}
--challenge
robert22 wrote:
I am trying to setup freeRadius to process requests from our Wireless
Controller. The controller uses the wireless devices MAC address as the
username, and a predefined password. These MAC addresses all exist in
Active Directory as user accounts, with the same password set.
wrote:
Wanting to verify mschap was indeed working, I disabled the domain user
account, and verified I could no longer authenticate via freeradius. I
enabled the account again and can login from a LAN PC, but have not been
able to authenticate through wireless via freeradius. Wbinfo,
ntlm_auth
Just curious if the hyphen is supposed to be in front of the domain
name on this line:
ntlm_auth = */path/to/ntlm_auth* --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-*MYDOMAIN*}
--challenge=%{mschap:Challenge:-00}
Raymond Norton wrote:
Just curious if the hyphen is supposed to be in front of the domain
name on this line:
Yes. man unlang. Look for :-
ntlm_auth = */path/to/ntlm_auth* --request-nt-key
--username=%{mschap:User-Name:-None}
--domain=%{%{mschap:NT-Domain}:-*MYDOMAIN*}
Got things working...yeah!
started with fresh user, ntlm_auth and mschap files, edited according to
tutorial. I then got the following error:
winbind client not authorized to use winbindd_pam_auth_crap
I had already changed permissions yesterday, but did it again.
I was able to login using
I followed the tutorial
(http://deployingradius.com/documents/configuration/active_directory.html)
and seemed to have mschap working. I had configured freeradius to use
eap prior to setting up to work with AD, so not sure if anything I
already configured is conflicting.
Wanting to verify
Raymond Norton wrote:
Wanting to verify mschap was indeed working, I disabled the domain user
account, and verified I could no longer authenticate via freeradius. I
enabled the account again and can login from a LAN PC, but have not been
able to authenticate through wireless via freeradius
-users@lists.freeradius.org
Subject: Freeradius on lenny doesn't permit mschap auth
Hi all,
I had read and configure like
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
I have test ntlm_auth with success but
radtest user passwd localhost 0 testing123 fail
I
On 14/01/2011 23:47, Alan DeKok wrote:
Fabien COMBERNOUS wrote:
[...]
David is not bridling but just remember his constraints.
They are *his* constraints. If he can't even install a version of
2.1.10 in order to run radtest which can do MS-CHAP, then those
constraints are ridiculous.
Fabien COMBERNOUS fcombern...@kezia.com writes:
In a complex environment to change a piece of software can have
unexpected consequences. And so to change it, it demands long testing
procedures for several teams. I already worked in this kind of
environment. And you have to give good reasons
understand too the lack of time for everyone.
I will try to find a mschap string with a second installation on a
second server. After that I will see and tell the result here. I
expect to have some other questions about the differences between the
2 versions but I hope it will be ok.
Regards
I think some comments.. are too heavy : P
I'm reading this list looking for solutions, or improvements for my servers,
but these threads are disgusting me. It's not necessary to write things like
this..
I don't agree with this. When someone requests help, you can help as
usual. If he can't do
is your expertise on freeradius to solve a
problem that I described. Think I have some problem with english and
freeradius (it is the first time I deal with freeradius and all these
strange words as mschap and eap and ... ;-) )
I'm ready to make many efforts to solve my problems, but I cannot
without
On Mon, Jan 17, 2011 at 10:20:00AM +0100, David Dumortier wrote:
In a complex environment to change a piece of software can have
unexpected consequences. And so to change it, it demands long testing
procedures for several teams.
I will try to find a mschap string with a second
Josip Rodin j...@entuzijast.net writes:
As usual, it would have helped if all parties would have steered away from
snappy remarks. Rather than do that, it's often simpler and eminently more
productive to keep silent.
You are of course correct. I apologise for my unnecessary comment. I
will
Ntlm_auth nt and lm key requests NT_STATUS_OK: Success (0x0) but the mschap
section still fails after cert exchange...
Log file - http://pastebin.com/rDhRKgiC
Suse Ent 11.0.0.32, samba 3.2.7, FreeRadius 2.1.1
Any ideas? Pointers? Suggestions?!
Anyone recommend a distro that just works