List: freeradius-users
Subject: Re: Sudden User Authentication Rejection as a result Compatibility - error
From: Alan DeKok <aland () deployingradius ! com>
Date: 2015-02-24 15:40:36
Message-ID: 442864D0-863E-4FCA-88EF-87603A92930A () deployingradius ! com
On Feb 24, 2015, at 8:47 AM, Clement Ogedengbe <c.ogedengbe@worc.ac.uk> wrote:
> I have now tested the server with eapol_test (without certificate validation) and
> it failed. I tested using the eaptest config below (PEAP & TTLS) : (I have masked
> out userid & password).
That's bad.
> EAP-MSCHAPV2: Received success
> EAP-MSCHAPV2: Invalid authenticator response in success request
That's the problem.
Why does it happen?
> [mschap_ad] Creating challenge hash with username: uwjrstest
> [mschap_ad] expand: --challenge=%{mschap_ad:Challenge:-00} -> --challenge=eb2123a7a496e886
> [mschap_ad] expand: --nt-response=%{mschap_ad:NT-Response:-00} -> --nt-response=4619af06b81d1426e5c7921fe751e5f46b7ee3456b3b0c7f
> Exec-Program output: NT_KEY: 51C1A08577E4ECDBBD59863E8B0BF5BD
> Exec-Program-Wait: plaintext: NT_KEY: 51C1A08577E4ECDBBD59863E8B0BF5BD
ntlm_auth is giving the wrong response to FreeRADIUS.
i.e. the problem isn't FreeRADIUS.
Re-start Samba, winbindd, etc. Then try it again. It should work.
If it doesn't, upgrade Samba to a version that works. Or (sad to say) downgrade it
to a version that works.
Alan DeKok.
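
Added example, not part of the original message and not FreeRADIUS or Samba code: the RFC 2759 authenticator-response calculation, showing why a wrong NT_KEY makes the supplicant report "Invalid authenticator response in success request". It assumes the NT_KEY line carries the value RFC 2759 calls PasswordHashHash; the inputs are the RFC 2759 test vectors, not values from this thread, and the "bad" key is constructed.

```python
import hashlib
import hmac

# Constants from RFC 2759, GenerateAuthenticatorResponse().
MAGIC1 = b"Magic server to client signing constant"
MAGIC2 = b"Pad to make it do more than one iteration"

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash(): the 8-byte challenge hashed with the username."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def authenticator_response(nt_key, nt_response, peer_challenge, auth_challenge, username):
    """Build the "S=..." string the server sends in the MSCHAPv2 success request.

    nt_key is the 16-byte hash of the NT password hash (PasswordHashHash);
    assumed here to be what the NT_KEY line in the debug output carries.
    """
    if len(nt_key) != 16 or len(nt_response) != 24:
        raise ValueError("NT_KEY must be 16 bytes, NT-Response 24 bytes")
    digest = hashlib.sha1(nt_key + nt_response + MAGIC1).digest()
    challenge = challenge_hash(peer_challenge, auth_challenge, username)
    digest = hashlib.sha1(digest + challenge + MAGIC2).digest()
    return "S=" + digest.hex().upper()

def supplicant_accepts(received, nt_key, nt_response, peer_challenge, auth_challenge, username):
    """Client-side check: recompute from the real password and compare."""
    expected = authenticator_response(nt_key, nt_response, peer_challenge,
                                      auth_challenge, username)
    return hmac.compare_digest(received.encode(), expected.encode())

# RFC 2759 test vectors (user "User", password "clientPass").
USERNAME = b"User"
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
NT_KEY = bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F")
# Constructed: a key with one byte changed, standing in for a wrong NT_KEY.
BAD_NT_KEY = bytes([NT_KEY[0] ^ 0x01]) + NT_KEY[1:]

if __name__ == "__main__":
    args = (NT_RESPONSE, PEER_CHALLENGE, AUTH_CHALLENGE, USERNAME)
    for label, key in (("correct NT_KEY", NT_KEY), ("wrong NT_KEY", BAD_NT_KEY)):
        sent = authenticator_response(key, *args)
        ok = supplicant_accepts(sent, NT_KEY, *args)
        print(f"{label}: server sends {sent} -> client accepts: {ok}")
```

The server can still receive a successful NT_KEY reply and send Access-Accept material; only the supplicant, which knows the real password, can detect that the key used for the response was wrong.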