#1  2014-07-02 13:30:45

zbyszekgit
User
Registered: 2014-04-29

Freeradius+AD

Hello,

I have a Debian machine set up with freeradius, which is joined to a Windows 2008 domain.
However, when testing a domain user, it throws the following error:

Code:

Sending Access-Request of id 237 to 127.0.0.1 port 1812
    User-Name = "radius"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
    MS-CHAP-Challenge = 0x7683a7abbc2255ec
    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000a694a18af533fba029ed30b26b8d46827b58b67aa17a62b1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=237,
length=38
    MS-CHAP-Error = "\000E=691 R=1"

In debug mode freeradius reports:

Code:

User-Name = "radius"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
    Message-Authenticator = 0x3187afa3b1983c459622447e005e7674
    MS-CHAP-Challenge = 0x7683a7abbc2255ec
    MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000a694a18af533fba029ed30b26b8d46827b58b67aa17a62b1
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "radius", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
Invalid variable expansion passed as argument for external program
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> radius
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 237 to 127.0.0.1 port 35162
    MS-CHAP-Error = "\000E=691 R=1"
Waking up in 4.9 seconds.
Cleaning up request 9 ID 237 with timestamp +1944
Ready to process requests.

The standard solution to the problem found online does not work, i.e. changing the permissions on the directory /var/run/samba/winbindd_privi...
Has anyone run into a similar problem? It seems to me that something is wrong with the MS-CHAP protocol...
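
A small triage helper for the debug output in the post above, as an added example that is not part of the original post and not FreeRADIUS code: it reports the first module that returned reject or fail together with the messages logged just before it, and decodes the MS-CHAP-Error attribute using the failure codes defined in RFC 2433 / RFC 2759. The log lines are an excerpt copied from the post; the function and variable names are illustrative assumptions.

```python
import re

# Failure codes carried in the E= field of MS-CHAP-Error (RFC 2433 / RFC 2759).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS", 647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED", 649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE", 709: "ERROR_CHANGING_PASSWORD",
}
RETURNS = re.compile(r"^\++\[([\w.]+)\] returns (\w+)$")   # e.g. ++[mschap] returns reject
ERROR_ATTR = re.compile(r"E=(\d+) R=([01])")

# Excerpt copied from the debug output in the post above.
SAMPLE = r"""
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
Invalid variable expansion passed as argument for external program
[mschap] External script failed.
[mschap] MS-CHAP-Response is incorrect.
++[mschap] returns reject
    MS-CHAP-Error = "\000E=691 R=1"
""".splitlines()

def decode_mschap_error(value):
    """Decode an MS-CHAP-Error value; R=1 means the client may retry."""
    m = ERROR_ATTR.search(value)
    if m is None:
        return None
    code = int(m.group(1))
    return {"code": code, "name": MSCHAP_ERRORS.get(code, "unknown"),
            "retry_allowed": m.group(2) == "1"}

def first_reject(debug_lines):
    """Return (module, messages logged since the previous module or section line)."""
    context = []
    for line in (raw.strip() for raw in debug_lines):
        m = RETURNS.match(line)
        if m and m.group(2) in ("reject", "fail"):
            return m.group(1), context
        if m or line.startswith(("#", "+-")):
            context = []          # a new module or section starts here
        elif line:
            context.append(line)
    return None, []

if __name__ == "__main__":
    print(first_reject(SAMPLE))
    print(decode_mschap_error(SAMPLE[-1]))
```

For this excerpt it returns `mschap` with four messages, the second being the variable-expansion error logged immediately before "External script failed."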
