Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@atrad1 samba]# radtest -t mschap DJ XXXXXX localhost 0 testing123
- Sent Access-Request Id 74 from 0.0.0.0:52168 to 127.0.0.1:1812 length 134
- User-Name = "DJ"
- MS-CHAP-Password = "XXXXXXX"
- NAS-IP-Address = 172.17.193.158
- NAS-Port = 0
- Message-Authenticator = 0x00
- Cleartext-Password = "XXXXXXX"
- MS-CHAP-Challenge = 0x06dd3edb901acbed
- MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cfe7e0424d792f5f1656850933c1077d41f8e39299745891
- Received Access-Reject Id 74 from 127.0.0.1:1812 to 0.0.0.0:0 length 61
- MS-CHAP-Error = "\000E=691 R=1 C=c5fed0be232504da V=2"
- (0) -: Expected Access-Accept got Access-Reject
- [root@atrad1 samba]#
- Ready to process requests
- (0) Received Access-Request Id 74 from 127.0.0.1:52168 to 127.0.0.1:1812 length 134
- (0) User-Name = "DJ"
- (0) NAS-IP-Address = 172.17.193.158
- (0) NAS-Port = 0
- (0) Message-Authenticator = 0x6cf7186cc7d9e8fba6504d79b49ddf25
- (0) MS-CHAP-Challenge = 0x06dd3edb901acbed
- (0) MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cfe7e0424d792f5f1656850933c1077d41f8e39299745891
- (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (0) authorize {
- (0) policy filter_username {
- (0) if (&User-Name) {
- (0) if (&User-Name) -> TRUE
- (0) if (&User-Name) {
- (0) if (&User-Name =~ / /) {
- (0) if (&User-Name =~ / /) -> FALSE
- (0) if (&User-Name =~ /@[^@]*@/ ) {
- (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (0) if (&User-Name =~ /\.\./ ) {
- (0) if (&User-Name =~ /\.\./ ) -> FALSE
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (0) if (&User-Name =~ /\.$/) {
- (0) if (&User-Name =~ /\.$/) -> FALSE
- (0) if (&User-Name =~ /@\./) {
- (0) if (&User-Name =~ /@\./) -> FALSE
- (0) } # if (&User-Name) = notfound
- (0) } # policy filter_username = notfound
- (0) [preprocess] = ok
- (0) [chap] = noop
- (0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
- (0) [mschap] = ok
- (0) [digest] = noop
- (0) suffix: Checking for suffix after "@"
- (0) suffix: No '@' in User-Name = "DJ", looking up realm NULL
- (0) suffix: No such realm "NULL"
- (0) [suffix] = noop
- (0) eap: No EAP-Message, not doing EAP
- (0) [eap] = noop
- (0) [files] = noop
- (0) [expiration] = noop
- (0) [logintime] = noop
- (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
- (0) pap: WARNING: Authentication will fail unless a "known good" password is available
- (0) [pap] = noop
- (0) } # authorize = ok
- (0) Found Auth-Type = mschap
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) authenticate {
- (0) mschap: Client is using MS-CHAPv1 with NT-Password
- (0) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-atc-hpe} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
- (0) mschap: EXPAND --username=%{mschap:User-Name:-None}
- (0) mschap: --> --username=DJ
- (0) mschap: ERROR: No NT-Domain was found in the User-Name
- (0) mschap: EXPAND --domain=%{%{mschap:NT-Domain}:-atc-hpe}
- (0) mschap: --> --domain=atc-hpe
- (0) mschap: mschap1: 06
- (0) mschap: EXPAND --challenge=%{mschap:Challenge:-00}
- (0) mschap: --> --challenge=06dd3edb901acbed
- (0) mschap: EXPAND --nt-response=%{mschap:NT-Response:-00}
- (0) mschap: --> --nt-response=cfe7e0424d792f5f1656850933c1077d41f8e39299745891
- (0) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
- (0) mschap: External script failed
- (0) mschap: ERROR: External script says: Reading winbind reply failed! (0xc0000001)
- (0) mschap: ERROR: MS-CHAP2-Response is incorrect
- (0) [mschap] = reject
- (0) } # authenticate = reject
- (0) Failed to authenticate the user
- (0) Using Post-Auth-Type Reject
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) Post-Auth-Type REJECT {
- (0) attr_filter.access_reject: EXPAND %{User-Name}
- (0) attr_filter.access_reject: --> DJohnson
- (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (0) [attr_filter.access_reject] = updated
- (0) [eap] = noop
- (0) policy remove_reply_message_if_eap {
- (0) if (&reply:EAP-Message && &reply:Reply-Message) {
- (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (0) else {
- (0) [noop] = noop
- (0) } # else = noop
- (0) } # policy remove_reply_message_if_eap = noop
- (0) } # Post-Auth-Type REJECT = updated
- (0) Delaying response for 1.000000 seconds
- Waking up in 0.2 seconds.
- Waking up in 0.7 seconds.
- (0) Sending delayed response
- (0) Sent Access-Reject Id 74 from 127.0.0.1:1812 to 127.0.0.1:52168 length 61
- (0) MS-CHAP-Error = "\000E=691 R=1 C=c5fed0be232504da V=2"
- Waking up in 3.9 seconds.
- (0) Cleaning up request packet ID 74 with timestamp +18
- Ready to process requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement