API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 22nd, 2019
149
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.06 KB | None | 0 0
raw download clone embed print report
  1. [root@atrad1 samba]# radtest -t mschap DJ XXXXXX localhost 0 testing123
  2. Sent Access-Request Id 74 from 0.0.0.0:52168 to 127.0.0.1:1812 length 134
  3. User-Name = "DJ"
  4. MS-CHAP-Password = "XXXXXXX"
  5. NAS-IP-Address = 172.17.193.158
  6. NAS-Port = 0
  7. Message-Authenticator = 0x00
  8. Cleartext-Password = "XXXXXXX"
  9. MS-CHAP-Challenge = 0x06dd3edb901acbed
  10. MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cfe7e0424d792f5f1656850933c1077d41f8e39299745891
  11. Received Access-Reject Id 74 from 127.0.0.1:1812 to 0.0.0.0:0 length 61
  12. MS-CHAP-Error = "\000E=691 R=1 C=c5fed0be232504da V=2"
  13. (0) -: Expected Access-Accept got Access-Reject
  14. [root@atrad1 samba]#
  15.  
  16.  
  17. Ready to process requests
  18. (0) Received Access-Request Id 74 from 127.0.0.1:52168 to 127.0.0.1:1812 length 134
  19. (0) User-Name = "DJ"
  20. (0) NAS-IP-Address = 172.17.193.158
  21. (0) NAS-Port = 0
  22. (0) Message-Authenticator = 0x6cf7186cc7d9e8fba6504d79b49ddf25
  23. (0) MS-CHAP-Challenge = 0x06dd3edb901acbed
  24. (0) MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cfe7e0424d792f5f1656850933c1077d41f8e39299745891
  25. (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
  26. (0) authorize {
  27. (0) policy filter_username {
  28. (0) if (&User-Name) {
  29. (0) if (&User-Name) -> TRUE
  30. (0) if (&User-Name) {
  31. (0) if (&User-Name =~ / /) {
  32. (0) if (&User-Name =~ / /) -> FALSE
  33. (0) if (&User-Name =~ /@[^@]*@/ ) {
  34. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  35. (0) if (&User-Name =~ /\.\./ ) {
  36. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  37. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  38. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  39. (0) if (&User-Name =~ /\.$/) {
  40. (0) if (&User-Name =~ /\.$/) -> FALSE
  41. (0) if (&User-Name =~ /@\./) {
  42. (0) if (&User-Name =~ /@\./) -> FALSE
  43. (0) } # if (&User-Name) = notfound
  44. (0) } # policy filter_username = notfound
  45. (0) [preprocess] = ok
  46. (0) [chap] = noop
  47. (0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
  48. (0) [mschap] = ok
  49. (0) [digest] = noop
  50. (0) suffix: Checking for suffix after "@"
  51. (0) suffix: No '@' in User-Name = "DJ", looking up realm NULL
  52. (0) suffix: No such realm "NULL"
  53. (0) [suffix] = noop
  54. (0) eap: No EAP-Message, not doing EAP
  55. (0) [eap] = noop
  56. (0) [files] = noop
  57. (0) [expiration] = noop
  58. (0) [logintime] = noop
  59. (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
  60. (0) pap: WARNING: Authentication will fail unless a "known good" password is available
  61. (0) [pap] = noop
  62. (0) } # authorize = ok
  63. (0) Found Auth-Type = mschap
  64. (0) # Executing group from file /etc/raddb/sites-enabled/default
  65. (0) authenticate {
  66. (0) mschap: Client is using MS-CHAPv1 with NT-Password
  67. (0) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-atc-hpe} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
  68. (0) mschap: EXPAND --username=%{mschap:User-Name:-None}
  69. (0) mschap: --> --username=DJ
  70. (0) mschap: ERROR: No NT-Domain was found in the User-Name
  71. (0) mschap: EXPAND --domain=%{%{mschap:NT-Domain}:-atc-hpe}
  72. (0) mschap: --> --domain=atc-hpe
  73. (0) mschap: mschap1: 06
  74. (0) mschap: EXPAND --challenge=%{mschap:Challenge:-00}
  75. (0) mschap: --> --challenge=06dd3edb901acbed
  76. (0) mschap: EXPAND --nt-response=%{mschap:NT-Response:-00}
  77. (0) mschap: --> --nt-response=cfe7e0424d792f5f1656850933c1077d41f8e39299745891
  78. (0) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
  79. (0) mschap: External script failed
  80. (0) mschap: ERROR: External script says: Reading winbind reply failed! (0xc0000001)
  81. (0) mschap: ERROR: MS-CHAP2-Response is incorrect
  82. (0) [mschap] = reject
  83. (0) } # authenticate = reject
  84. (0) Failed to authenticate the user
  85. (0) Using Post-Auth-Type Reject
  86. (0) # Executing group from file /etc/raddb/sites-enabled/default
  87. (0) Post-Auth-Type REJECT {
  88. (0) attr_filter.access_reject: EXPAND %{User-Name}
  89. (0) attr_filter.access_reject: --> DJohnson
  90. (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
  91. (0) [attr_filter.access_reject] = updated
  92. (0) [eap] = noop
  93. (0) policy remove_reply_message_if_eap {
  94. (0) if (&reply:EAP-Message && &reply:Reply-Message) {
  95. (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  96. (0) else {
  97. (0) [noop] = noop
  98. (0) } # else = noop
  99. (0) } # policy remove_reply_message_if_eap = noop
  100. (0) } # Post-Auth-Type REJECT = updated
  101. (0) Delaying response for 1.000000 seconds
  102. Waking up in 0.2 seconds.
  103. Waking up in 0.7 seconds.
  104. (0) Sending delayed response
  105. (0) Sent Access-Reject Id 74 from 127.0.0.1:1812 to 127.0.0.1:52168 length 61
  106. (0) MS-CHAP-Error = "\000E=691 R=1 C=c5fed0be232504da V=2"
  107. Waking up in 3.9 seconds.
  108. (0) Cleaning up request packet ID 74 with timestamp +18
  109. Ready to process requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!