# Executing group from file /etc/raddb/sites-enabled/packetfence +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv1 with NT-Password [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] expand: %{mschap:User-Name:-None} -> User001 [mschap] expand: --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> --username=User001 [mschap] mschap1: 28 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=28d302e62ccf7399 [mschap] expand: #ntresponse=%{mschap:NT-Response:-00} -> #ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 [mschap] External script failed. [mschap] MS-CHAP-Response is incorrect. ++[mschap] returns reject Failed to authenticate the user. Login incorrect (mschap: External script says Logon failure (0xc000006d)): [User001] (from client 127.0.0.1 port 0)
I would say, ntlm_auth is missing domain here. Where do you supply domain? In configaration or with user name? Whitch form, user@domain or domain\user? I would check those. A. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html