freeradius3 unable authenticate ldap user through mschap

classic Classic list List threaded Threaded
6 messages Options
| Threaded
Open this post in threaded view
|

freeradius3 unable authenticate ldap user through mschap

Karunagaran D
Dear Team,

   I have configured ldap module and successfully authenticate  in radtest,
but i Unable to authenticate ldap users through mschap

Herewith I am attaching the successful ldap authentication file and
unsucessful authentication ldap users through mschap


Please help


Regards,
Karunad

--




D.Karunagaran
Network Administrator,
SSN College of Engineering,
Old Mahabalipuram Road, Kalavakkam -603110, Chennai, India,
Ph: +91-44-27469700/27469772   Ext: 222;

--
::DISCLAIMER::


---------------------------------------------------------------------
The
contents of this e-mail and any attachment(s) are confidential and
intended
for the named recipient(s) only. Views or opinions, if any,
presented in
this email are solely those of the author and may not
necessarily reflect
the views or opinions of SSN Institutions (SSN) or its
affiliates. Any form
of reproduction, dissemination, copying, disclosure,
modification,
distribution and / or publication of this message without the
prior written
consent of authorized representative of SSN is strictly
prohibited. If you
have received this email in error please delete it and
notify the sender
immediately.

---------------------------------------------------------------------

Header of this mail should have a valid DKIM signature for the domain
ssn.edu.in <http://www.ssn.edu.in/>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ldap-sucess.txt (6K) Download Attachment
ldap-mschap-unsucess.txt (7K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: freeradius3 unable authenticate ldap user through mschap

Fajar A. Nugraha-2
On Wed, Nov 6, 2019 at 10:16 AM Karunagaran D <[hidden email]> wrote:

>
> Dear Team,
>
>    I have configured ldap module and successfully authenticate  in radtest,
> but i Unable to authenticate ldap users through mschap
>
> Herewith I am attaching the successful ldap authentication file and
> unsucessful authentication ldap users through mschap
>
>
> Please help


Your log says

(1) mschap: WARNING: No Cleartext-Password configured.  Cannot create
NT-Password
(1) mschap: WARNING: No Cleartext-Password configured.  Cannot create
LM-Password
(1) mschap: Client is using MS-CHAPv1 with NT-Password
(1) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform authentication


Meaning your LDAP server doesn't provide Cleartext-Password,
NT-Password, or LM-password to freeradius.
If you use Active Directory, you can configure ntlm_auth. But if it's
something else, and you don't store user passwords as clear text/NT
hash in ldap, then mschapv2 with ldap won't work. See
http://deployingradius.com/documents/protocols/oracles.html

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius3 unable authenticate ldap user through mschap

Karunagaran D
Dear Sir,
  Thank you for the valuable information, We are using Active Directory. We
will look into the document.

Regards,
Karunad

On Wed, Nov 6, 2019 at 2:13 PM Fajar A. Nugraha <[hidden email]> wrote:

> On Wed, Nov 6, 2019 at 10:16 AM Karunagaran D <[hidden email]> wrote:
> >
> > Dear Team,
> >
> >    I have configured ldap module and successfully authenticate  in
> radtest,
> > but i Unable to authenticate ldap users through mschap
> >
> > Herewith I am attaching the successful ldap authentication file and
> > unsucessful authentication ldap users through mschap
> >
> >
> > Please help
>
>
> Your log says
>
> (1) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> NT-Password
> (1) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> LM-Password
> (1) mschap: Client is using MS-CHAPv1 with NT-Password
> (1) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform
> authentication
>
>
> Meaning your LDAP server doesn't provide Cleartext-Password,
> NT-Password, or LM-password to freeradius.
> If you use Active Directory, you can configure ntlm_auth. But if it's
> something else, and you don't store user passwords as clear text/NT
> hash in ldap, then mschapv2 with ldap won't work. See
> http://deployingradius.com/documents/protocols/oracles.html
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--




D.Karunagaran
Network Administrator,
SSN College of Engineering,
Old Mahabalipuram Road, Kalavakkam -603110, Chennai, India,
Ph: +91-44-27469700/27469772   Ext: 222;

--
::DISCLAIMER::


---------------------------------------------------------------------
The
contents of this e-mail and any attachment(s) are confidential and
intended
for the named recipient(s) only. Views or opinions, if any,
presented in
this email are solely those of the author and may not
necessarily reflect
the views or opinions of SSN Institutions (SSN) or its
affiliates. Any form
of reproduction, dissemination, copying, disclosure,
modification,
distribution and / or publication of this message without the
prior written
consent of authorized representative of SSN is strictly
prohibited. If you
have received this email in error please delete it and
notify the sender
immediately.

---------------------------------------------------------------------

Header of this mail should have a valid DKIM signature for the domain
ssn.edu.in <http://www.ssn.edu.in/>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius3 unable authenticate ldap user through mschap

Fajar A. Nugraha-2
On Thu, Nov 7, 2019 at 11:31 AM Karunagaran D <[hidden email]> wrote:
>
> Dear Sir,
>   Thank you for the valuable information, We are using Active Directory. We
> will look into the document.

See https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius3 unable authenticate ldap user through mschap

Karunagaran D
Dear Sir,
Thank you, we will go through document and update you
Regards,
KarunaD

On Thu, Nov 7, 2019 at 1:29 PM Fajar A. Nugraha <[hidden email]> wrote:

> On Thu, Nov 7, 2019 at 11:31 AM Karunagaran D <[hidden email]> wrote:
> >
> > Dear Sir,
> >   Thank you for the valuable information, We are using Active Directory.
> We
> > will look into the document.
>
> See
> https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--




D.Karunagaran
Network Administrator,
SSN College of Engineering,
Old Mahabalipuram Road, Kalavakkam -603110, Chennai, India,
Ph: +91-44-27469700/27469772   Ext: 222;

--
::DISCLAIMER::


---------------------------------------------------------------------
The
contents of this e-mail and any attachment(s) are confidential and
intended
for the named recipient(s) only. Views or opinions, if any,
presented in
this email are solely those of the author and may not
necessarily reflect
the views or opinions of SSN Institutions (SSN) or its
affiliates. Any form
of reproduction, dissemination, copying, disclosure,
modification,
distribution and / or publication of this message without the
prior written
consent of authorized representative of SSN is strictly
prohibited. If you
have received this email in error please delete it and
notify the sender
immediately.

---------------------------------------------------------------------

Header of this mail should have a valid DKIM signature for the domain
ssn.edu.in <http://www.ssn.edu.in/>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: freeradius3 unable authenticate ldap user through mschap

Karunagaran D
Dear Sir,

    I have gone through the document and successfully configured the
ntlm_auth in freeradius.
I have login with only user name as SAMACCOUNTNAME (example user=karunad)
but I unable to authenticate user as userPrincipalName(UPN) (example user=
[hidden email])

How to update ntlm_auth --user as userprincipalname(UPN)

Please Help!

Regards,
KarunaD

On Thu, Nov 7, 2019 at 3:49 PM Karunagaran D <[hidden email]> wrote:

> Dear Sir,
> Thank you, we will go through document and update you
> Regards,
> KarunaD
>
> On Thu, Nov 7, 2019 at 1:29 PM Fajar A. Nugraha <[hidden email]> wrote:
>
>> On Thu, Nov 7, 2019 at 11:31 AM Karunagaran D <[hidden email]> wrote:
>> >
>> > Dear Sir,
>> >   Thank you for the valuable information, We are using Active
>> Directory. We
>> > will look into the document.
>>
>> See
>> https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
>>
>> --
>> Fajar
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
>
>
>
>
> D.Karunagaran
> Network Administrator,
> SSN College of Engineering,
> Old Mahabalipuram Road, Kalavakkam -603110, Chennai, India,
> Ph: +91-44-27469700/27469772   Ext: 222;
>


--




D.Karunagaran
Network Administrator,
SSN College of Engineering,
Old Mahabalipuram Road, Kalavakkam -603110, Chennai, India,
Ph: +91-44-27469700/27469772   Ext: 222;

--
::DISCLAIMER::


---------------------------------------------------------------------
The
contents of this e-mail and any attachment(s) are confidential and
intended
for the named recipient(s) only. Views or opinions, if any,
presented in
this email are solely those of the author and may not
necessarily reflect
the views or opinions of SSN Institutions (SSN) or its
affiliates. Any form
of reproduction, dissemination, copying, disclosure,
modification,
distribution and / or publication of this message without the
prior written
consent of authorized representative of SSN is strictly
prohibited. If you
have received this email in error please delete it and
notify the sender
immediately.

---------------------------------------------------------------------

Header of this mail should have a valid DKIM signature for the domain
ssn.edu.in <http://www.ssn.edu.in/>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html