[Samba] [EXTERNAL] Fwd: ntlm_auth and freeradius

Tim ODriscoll tim.odriscoll at lambrookschool.co.uk
Mon Apr 3 15:08:33 UTC 2023


> I guess we have to look at the conf files then, first these two:

Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth.

Unfortunately it's still erroring out:
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --allow-mschapv2 --domain=MYDOMAIN --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(7) mschap: EXPAND --username=%{%{mschap:User-Name}:-00}
(7) mschap:    --> --username=SL-6S4BBS3$
(7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
(7) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00}
(7) mschap:    --> --challenge=b45bc6ef86e0331a
(7) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(7) mschap:    --> --nt-response=a3748d3de88efabcf966a1740cb27a279d8923ebfac30d89
(7) mschap: ERROR: Program returned code (1) and output 'The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)'
(7) mschap: External script failed
(7) mschap: ERROR: External script says: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)
(7) mschap: ERROR: MS-CHAP2-Response is incorrect

Did you have to change any other config files?

Thank you,
Tim

