(RADIATOR) AuthBy LSA and Lan Manager Auth Level

Kirk Byers ktbyers at stanford.edu
Wed Dec 1 16:29:19 CST 2004


Hugh,


OK, thanks.  

Do you have any estimates on the timeframes for when NTLMv2 will be 
supported?


Kirk

>
> Hello Kirk -
>
> I have just been discussing this issue with Mike here in the office.
>
> Unfortunately the Win32-LSA module does not currently support NTLMv2.
>
> Mike will look at adding support for it in the new year.
>
> Our apologies for the inconvenience.
>
> regards
>
> Hugh
>
>
> On 2 Dec 2004, at 04:25, Kirk T Byers wrote:
>
>> Hugh,
>>
>> OK, I have upgraded to Radiator 3.11 (plus patches).  I still have the
>> same issue.  The error message is the same as before, "WARNING: Could
>> not LogonUserNetworkMSCHAP (V2): 3221225581, 0, Logon failure: unknown
>> user name or bad password".  I tried this both with and without
>> specifying the domain in my PEAP supplicant (i.e. both with and without
>> the "NT\" prefix).  I looked at the new lsa_eap_peap.cfg, and didn't
>> see any meaningful differences between my configuration and the example
>> configuration.  The only difference was that I had the
>> "DefaultDomain NT" set (although I tried it both with and without
>> this).  I also looked at the example lsa.cfg, but this didn't look
>> applicable since I am using PEAP.
>>
>> Here is the end of the logfile from my last attempt.  This is with
>> "DefaultDomain NT" set, and without specifying the domain in the
>> supplicant.
>>
>>
>> Kirk
>>
>>
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
>> *** Received from 171.64.19.234 port 21645 ....
>> Code:       Access-Request
>> Identifier: 72
>> Authentic:   
>> SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
>> Attributes:
>>         User-Name = "testuser"
>>         Framed-MTU = 1400
>>         Called-Station-Id = "0011.931f.57c0"
>>         Calling-Station-Id = "000c.41a9.930f"
>>         Message-Authenticator =
>> <208><249><209><7><236>x<<217><203><169><167><19
>> 7><142>*<192>L
>>         EAP-Message =
>> <2><9><0>Y<25><0><23><3><1><0>N<244>m<140><21><218>p<29>i<
>> 208>q<218><212><142><1>M<231><174><168>L<246><168><155><225><227>K<144> 
>> <225><248
>>
>>> <250><150><228>! 
>>> <0><228><138><178><204><159>V<186><31>e<135><242><129><244>u6><
>>
>> 149>
>> 8<229><229><211><193>++<20><154><192><216>2<14><203><25>l<172>.<178>^<2 
>> 1><2
>> 09>Z<169><154>#<189>
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 322
>>         Service-Type = Framed-User
>>         NAS-IP-Address = 171.64.19.234
>>         NAS-Identifier = "ap"
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler ''
>> Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for testuser, 171.64.19.234, 322
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 89
>> Wed Dec  1 08:55:38 2004: DEBUG: Response type 25
>> Wed Dec  1 08:55:38 2004: DEBUG: EAP PEAP inner authentication request for anonymous
>> Wed Dec  1 08:55:38 2004: DEBUG: PEAP Tunnelled request Packet dump:
>> Code:       Access-Request
>> Identifier: UNDEF
>> Authentic:  <138><198><252><222>nI<23>$X<219><221><2>3<217>s<224>
>> Attributes:
>>         EAP-Message =
>> <2><9><0>><26><2><9><0>=1<144><150><222>=<188><237>vB<173>
>> <209><204><136>~D<215>~<0><0><0><0><0><0><0><0><23><255>q/ 
>> <230><6><187><170>5w<1
>> 9><198>5<180><154>A<183><137>M<150><148><3><225><253><0>testuser
>>         Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>>         User-Name = "anonymous"
>>         NAS-IP-Address = 171.64.19.234
>>         NAS-Identifier = "ap"
>>         NAS-Port = 322
>>         Calling-Station-Id = "000c.41a9.930f"
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
>> Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for , 171.64.19.234, 322
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthLSA:
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 62
>> Wed Dec  1 08:55:38 2004: DEBUG: Response type 26
>> Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA looks for match with testuser
>> Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA ACCEPT:
>> Wed Dec  1 08:55:38 2004: WARNING: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 0, Logon failure: unknown user name or bad password.
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
>> Wed Dec  1 08:55:38 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
>> Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler
>> Wed Dec  1 08:55:38 2004: DEBUG: Access challenged for testuser: EAP PEAP inner authentication redespatched to a Handler
>> Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
>> *** Sending to 171.64.19.234 port 21645 ....
>> Code:       Access-Challenge
>> Identifier: 72
>> Authentic:   
>> SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
>> Attributes:
>>         EAP-Message =
>> <1><10><0>&<25><0><23><3><1><0><27><24><253><234>&~<10><15
>> 2><<248><144><28><197>7<163>cF<147><215>~<139>i<141>z<215><165><177><13 
>> 7>
>>         Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
>> *** Received from 171.64.19.234 port 21645 ....
>> Code:       Access-Request
>> Identifier: 73
>> Authentic:  <154><206><167>LM{<178><245><135>2/<l<18><144><28>
>> Attributes:
>>         User-Name = "testuser"
>>         Framed-MTU = 1400
>>         Called-Station-Id = "0011.931f.57c0"
>>         Calling-Station-Id = "000c.41a9.930f"
>>         Message-Authenticator =
>> <239><166>xq!<215><23><198>)<175><29>@x@<210><18
>> 3>
>>         EAP-Message =
>> <2><10><0>&<25><0><23><3><1><0><27><244>lH<206>H88<254><15
>> 0><182><132><24><216><10>9<7><202><240>}<244><244><188><240>=<165>Pm
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 322
>>         Service-Type = Framed-User
>>         NAS-IP-Address = 171.64.19.234
>>         NAS-Identifier = "ap"
>>
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler ''
>> Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for testuser, 171.64.19.234, 322
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
>> Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 10, 38
>> Wed Dec  1 08:55:38 2004: DEBUG: Response type 25
>> Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 1, PEAP Authentication Failure
>> Wed Dec  1 08:55:38 2004: INFO: Access rejected for testuser: PEAP Authentication Failure
>> Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
>> *** Sending to 171.64.19.234 port 21645 ....
>> Code:       Access-Reject
>> Identifier: 73
>> Authentic:  <154><206><167>LM{<178><245><135>2/<l<18><144><28>
>> Attributes:
>>         EAP-Message = <4><10><0><4>
>>         Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>>        Reply-Message = "Request Denied"
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
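
Added example, not part of the original thread and not Radiator code: a short Python triage script that strips mail quote prefixes, rejoins hard-wrapped trace lines, and decodes the decimal value in the LogonUserNetworkMSCHAP warning (3221225581 is 0xC000006D, STATUS_LOGON_FAILURE). The sample trace is constructed from lines quoted above; the function names, and reading the first number as an NTSTATUS code, are assumptions of this example.

```python
import re

# Constructed sample: trace lines from the quoted message, with '>>' quote
# prefixes and hard line wraps of the kind a mail client adds.
QUOTED_TRACE = """\
>> Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA looks for match with
>> testuser
>> Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA ACCEPT:
>> Wed Dec  1 08:55:38 2004: WARNING: Could not LogonUserNetworkMSCHAP
>> (V2):
>> 3221225581, 0, Logon failure: unknown user name or bad password.
>>
"""

# Well-known NTSTATUS logon codes (values as defined in Microsoft's ntstatus.h).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
MATCH = re.compile(r"Radius::AuthLSA looks for match with (\S+)")
FAIL = re.compile(r"Could not LogonUserNetworkMSCHAP \(V2\): (\d+), (\d+), (.+)")

def unwrap(text):
    """Strip '>' quote prefixes and rejoin wrapped lines into log records."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if STAMP.match(line) or (line and not records):
            records.append(line)          # a timestamp starts a new record
        elif line:
            records[-1] += " " + line     # continuation of a wrapped record
    return [re.sub(r"\s+", " ", r) for r in records]

def lsa_failures(text):
    """Return one dict per LSA logon failure, tagged with the inner user."""
    user, out = None, []
    for rec in unwrap(text):
        if m := MATCH.search(rec):
            user = m.group(1)
        elif m := FAIL.search(rec):
            code = int(m.group(1))
            # second_field: the page does not say what this number means
            out.append({"user": user, "ntstatus": f"0x{code:08X}",
                        "name": NTSTATUS.get(code, "unknown"),
                        "second_field": int(m.group(2)), "text": m.group(3)})
    return out
```

STATUS_LOGON_FAILURE is a generic status, so the decoded value alone does not separate a wrong password from the unsupported-NTLMv2 case Hugh describes.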


