[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: MSCHAP module returns OK, authentication fails..
From: Alan DeKok <aland () deployingradius ! com>
Date: 2008-08-27 11:35:19
Message-ID: 48B53BF7.6010203 () deployingradius ! com
[Download RAW message or body]
James Yale wrote:
> With a default configuration EAP works with a user specified in the
> users file with a cleartext password
> (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files).
> This works via eapol and a Mac test client.
Ah.
> As soon as I enable the MSCHAP module (uncommenting the ntlm auth
> line) all authentication queries the AD here, so the locally
> configured user fails. When I try a user configured in the AD I'm
> getting:
>
> EAP-MSCHAPV2: Invalid authenticator response in success request
Upgrade Samba. If you're not using at least 3.2.1, upgrade to that.
> http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the
> message authenticator does seem to be invalid,
No. eapol_test is saying that the MSCHAP response is invalid.
> Has anyone seen this problem before, or am I looking in the wrong place?
Others have seen exactly the same thing in the past weeks. Upgrading
Samba fixed it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic