'Re: RADIUS AUTHENTICATOR---need HELP using MSCHAP and NTPASSWORD'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: RADIUS AUTHENTICATOR---need HELP using MSCHAP and NTPASSWORD
From:       "ego seek" <egoseek () gmail ! com>
Date:       2006-10-31 15:43:49
Message-ID: 190eb3b60610310743l2726f831x8b3a1c765dc986c5 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Message: 6
Date: Mon, 30 Oct 2006 08:25:43 -0500
From: Michael Lecuyer <mjl@theorem.com>
Subject: Re: RADIUS AUTHENTICATOR---need HELP using MSCHAP and
       NTPASSWORD
To: FreeRadius users mailing list
       <freeradius-users@lists.freeradius.org>
Message-ID: <4545FD57.1030202@theorem.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

This pretty much sums up the problem:

 >   rlm_mschap: No MS-CHAP-Challenge in the request

   This is not a valid MS-CHAP request. You might want to look at the
   actual attributes passed to see if this is really an MS-CHAP request. It
   will contain Microsoft VSAs containing a MS-CHAP-Challenge and a
   MS-CHAP-Response.

How I can do it?


ego seek wrote:
> I use Squid and RADIUS.
>
> Squid use Squid_radius_authenticator to authenticate a client and write
> a log in which there is the username and the http request.
>
> THE PROBLEM IS:
> In the radcheck table i put a value: "AUTH-TYPE" and set "MS-CHAP" for
> the user. his password is stored in NT-HASH format.
> when the authenticator try to authenticate the user, this is the output
>
>
> ".......
> rad_check_password:  Found Auth-Type MS-CHAP
> auth: type "MS-CHAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: Found NT-Password
>   rlm_mschap: No MS-CHAP-Challenge in the request
>   modcall[authenticate]: module "mschap" returns reject for request 6
> modcall: leaving group MS-CHAP (returns reject) for request 6
> auth: Failed to validate the user.
> Login incorrect:[username/password]"
>
>
> can anybody help me?
> please.
>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

[Attachment #5 (text/html)]

Message: 6<br>Date: Mon, 30 Oct 2006 08:25:43 -0500<br>From: Michael Lecuyer &lt;<a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:mjl@theorem.com">mjl@theorem.com</a>&gt;<br>Subject: Re: RADIUS \
AUTHENTICATOR---need HELP using MSCHAP and <br> &nbsp; &nbsp; &nbsp; \
&nbsp;NTPASSWORD<br>To: FreeRadius users mailing list<br> &nbsp; &nbsp; &nbsp; \
&nbsp;&lt;<a onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org
 </a>&gt;<br>Message-ID: &lt;<a onclick="return \
top.js.OpenExtLink(window,event,this)" \
href="mailto:4545FD57.1030202@theorem.com">4545FD57.1030202@theorem.com</a>&gt;<br>Content-Type: \
text/plain; charset=ISO-8859-1; format=flowed <br><br>This pretty much sums up the \
problem:<br><br>&nbsp;&gt; &nbsp; rlm_mschap: No MS-CHAP-Challenge in the \
request<br><br>&nbsp;&nbsp; This is not a valid MS-CHAP request. You might want to \
look at the<br>&nbsp;&nbsp; actual attributes passed to see if this is really an \
MS-CHAP request. It <br>&nbsp;&nbsp; will contain Microsoft VSAs containing a \
MS-CHAP-Challenge and a<br>&nbsp;&nbsp; MS-CHAP-Response.<br><br>How I can do \
it?<br><br><br>ego seek wrote:<br>&gt; I use Squid and RADIUS.<br>&gt;<br>&gt; Squid \
use Squid_radius_authenticator to authenticate a client and write <br>&gt; a log in \
which there is the username and the http request.<br>&gt;<br>&gt; THE PROBLEM \
IS:<br>&gt; In the radcheck table i put a value: &quot;AUTH-TYPE&quot; and set \
&quot;MS-CHAP&quot; for<br>&gt; the user. his password is stored in NT-HASH format. \
<br>&gt; when the authenticator try to authenticate the user, this is the \
output<br>&gt;<br>&gt;<br>&gt; &quot;.......<br>&gt; rad_check_password: &nbsp;Found \
Auth-Type MS-CHAP<br>&gt; auth: type &quot;MS-CHAP&quot;<br>&gt; &nbsp; Processing \
the authenticate section of  radiusd.conf<br>&gt; modcall: entering group MS-CHAP for \
request 6<br>&gt; &nbsp; rlm_mschap: No User-Password configured. &nbsp;Cannot create \
LM-Password.<br>&gt; &nbsp; rlm_mschap: Found NT-Password<br>&gt; &nbsp; rlm_mschap: \
No MS-CHAP-Challenge in the request <br>&gt; &nbsp; modcall[authenticate]: module \
&quot;mschap&quot; returns reject for request 6<br>&gt; modcall: leaving group \
MS-CHAP (returns reject) for request 6<br>&gt; auth: Failed to validate the \
user.<br>&gt; Login incorrect:[username/password]&quot; <br>&gt;<br>&gt;<br>&gt; can \
anybody help me?<br>&gt; please.<br>&gt;<br>&gt;<br>&gt;<br>&gt; \
------------------------------<div style="direction: \
ltr;">------------------------------------------<br>&gt;<br>&gt; -<br>&gt; List \
info/subscribe/unsubscribe? See  <a onclick="return \
top.js.OpenExtLink(window,event,this)" \
href="http://www.freeradius.org/list/users.html" \
target="_blank">http://www.freeradius.org/list/users.html</a></div>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic