[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: MSCHAP module returns OK, authentication fails..
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2008-08-27 11:35:19
Message-ID: 48B53BF7.6010203 () deployingradius ! com
[Download RAW message or body]

James Yale wrote:
> With a default configuration EAP works with a user specified in the
> users file with a cleartext password
> (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files).
> This works via eapol and a Mac test client.

  Ah.

> As soon as I enable the MSCHAP module (uncommenting the ntlm auth
> line) all authentication queries the AD here, so the locally
> configured user fails. When I try a user configured in the AD I'm
> getting:
> 
> EAP-MSCHAPV2: Invalid authenticator response in success request

  Upgrade Samba.  If you're not using at least 3.2.1, upgrade to that.

> http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the
> message authenticator does seem to be invalid,

  No.  eapol_test is saying that the MSCHAP response is invalid.

> Has anyone seen this problem before, or am I looking in the wrong place?

  Others have seen exactly the same thing in the past weeks.  Upgrading
Samba fixed it.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]