disclaimer: windows guy (but getting better at this nix thing)
I'm trying to set up FreeRadius (on debian 7, samba 3.6.6) to authenticate with AD
I've successfully joined the the radius machine to the domain (server 08 r2)
I can successfully wbinfo -u
I can successfully $ ntlm_auth --request-nt-key --domain=MYDOMAIN --username=user --password=password
so all seems good however when I run
radtest -t mschap user password localhost 0 testing123
I get Access-Reject ....[snip]...MS-CHAP-Error
= "\000E=691 R=1"
The debug output shows
Exec-Program output: Reading winbind reply failed! (0xc0000001)
MS-CHAP-Response is incorrect
My reading says that this may be a permissions issue (http://freeradius.1045715.n5.nabble.com/Reading-winbind-reply-failed-0xc0000001-td5713417.html
) however I have added
the freeradius process (freerad) to /etc/group/winbindd_priv
and still see the error.
I've searched and found nothing else to try...
(and yes all the services have been restarted - after each attempt to configure...)