
List:       freeradius-users
Subject:    RE: FreeRADIUS using Active Directory integration broken without any traces
From:       Stefan Paetow <Stefan.Paetow () ja ! net>
Date:       2014-09-29 14:38:47
Message-ID: C072996E0B81144DBB9426B44462540C0D6DEE59 () EXC001

Hi Sebastian, 

Did you update SAMBA at any point and did you possibly change the ownership of the
winbindd_privileged directory? If so, that might be the reason. Add radiusd (or
freerad on Deb platforms) to the group that Winbind belongs to. That should resolve
the problem.

Stefan


> -----Original Message-----
> From: freeradius-users-bounces+stefan.paetow=ja.net@lists.freeradius.org
> [mailto:freeradius-users-
> bounces+stefan.paetow=ja.net@lists.freeradius.org] On Behalf Of Sebastian
> Hagedorn
> Sent: 29 September 2014 14:28
> To: Vinícius Ferrão
> Cc: FreeRadius users mailing list
> Subject: Re: FreeRADIUS using Active Directory integration broken without
> any traces
> 
> Hi,
> 
> --On 26. September 2014 19:54:23 +0000 Vinícius Ferrão
> <ferrao@if.ufrj.br> wrote:
> 
> > But RADIUS fails when doing EAP-PEAP authentication, and running
> > FreeRADIUS in debug mode this is the error message:
> > 
> > # (9) mschap : Executing: /usr/local/bin/ntlm_auth --request-nt-key
> > # --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> > # --challenge=%{%{mschap:Challenge}:-00}
> > # --nt-response=%{%#{mschap:NT-Response}:-00} (9) mschap : EXPAND
> > # --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (9) mschap :
> > # --> --username=ferrao
> > # (9) mschap : Creating challenge hash with username: ferrao
> > # (9) mschap : EXPAND --challenge=%{%{mschap:Challenge}:-00}
> > # (9) mschap :    --> --challenge=082e8ba7b848aaae
> > # (9) mschap : EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
> > # (9) mschap :    -->
> > # --nt-response=27b40a6d1dba1b4acfd33aff5c710a43e70d050269087bf1 (9)
> > # ERROR: mschap : Program returned code (1) and output 'Reading winbind
> > # reply failed! (0xc0000001)' (9) mschap : External script failed.
> > # (9) ERROR: mschap : External script says: Reading winbind reply failed!
> > # (0xc0000001) (9) ERROR: mschap : MS-CHAP2-Response is incorrect
> > # (9)   [mschap] = reject
> > # (9)  } # Auth-Type MS-CHAP = reject
> > # (9) eap : Freeing handler
> > # (9)   [eap] = reject
> > # (9)  } #  authenticate = reject
> > # (9) Failed to authenticate the user.
> > # (9) Login incorrect (mschap: Program returned code (1) and output
> > # 'Reading winbind reply failed! (0xc0000001)'): [ferrao/<via Auth-Type =
> > # EAP>] (from client 192.168.0.0/26 port 0 via TLS tunnel)
> > 
> > So something is wrong with Winbind and FreeRADIUS, and I don't know what.
> 
> check the archives:
> 
> <http://lists.freeradius.org/pipermail/freeradius-users/2012-May/061047.html>
> --
> .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
> .:.Regionales Rechenzentrum (RRZK).:.
> .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
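
A check for the condition described in the reply above (the RADIUS account not being in the group that owns winbindd_privileged), as an added example that is not part of the original thread. The function names and return codes are hypothetical, the directory path and account name are passed as arguments because the thread does not give them, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example, not from the thread. DIR and USER are passed in because the
# directory path and the service account name differ between distributions.

# in_group GROUP "g1 g2 ..." -> 0 if GROUP is in the space-separated list
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# group_can_traverse MODE -> 0 if octal MODE gives the group the search (x) bit
group_can_traverse() { [ $(( 0$1 & 010 )) -ne 0 ]; }

# world_accessible MODE -> 0 if octal MODE gives "other" any permission
world_accessible() { [ $(( 0$1 & 007 )) -ne 0 ]; }

# check_winbind_access DIR USER
# returns 0 ok, 2 DIR missing, 3 USER not in DIR's group, 4 group cannot enter
check_winbind_access() {
    dir=$1; user=$2
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    grp=$(stat -c '%G' "$dir")     # GNU stat: name of the owning group
    mode=$(stat -c '%a' "$dir")    # GNU stat: octal mode, e.g. 750
    echo "$dir: group=$grp mode=$mode"
    if world_accessible "$mode"; then
        echo "warning: $dir is accessible to all local users"
    fi
    if ! in_group "$grp" "$(id -Gn "$user" 2>/dev/null)"; then
        echo "$user is not in $grp; try: usermod -a -G $grp $user, then restart the RADIUS daemon"
        return 3
    fi
    group_can_traverse "$mode" || { echo "group $grp lacks the search bit"; return 4; }
    echo "ok: $user can reach $dir"
}

# Usage: sh check_winbind.sh <winbindd_privileged directory> <radius account>
if [ $# -eq 2 ]; then
    check_winbind_access "$1" "$2"
fi
```

Run it as root with the winbindd_privileged path from your Samba installation and the account FreeRADIUS runs as (radiusd, or freerad on Debian platforms).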
