with_ntdomain_hack

King, Michael MKing at bridgew.edu
Wed May 10 22:11:45 CEST 2006


Try this ntlm_auth string (Watch for page breaks in email)

                ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challeng
e} --nt-response=%{mschap:NT-Response} 

> -----Original Message-----
> From: 
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.or
> g 
> [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freer
> adius.org] On Behalf Of Chris Liles
> Sent: Wednesday, May 10, 2006 3:51 PM
> To: FreeRadius users mailing list
> Subject: RE: with_ntdomain_hack
> 
> You are right, it was that I was lowercasing the username 
> before authentication...
> After I turned that off, I am getting further, it still 
> doesn't work and I believe it is because of a problem with 
> "Stripped-User-Name" and ntlm_auth
> 
> ntlm_auth is getting called with the entire username 
> "DOMAIN\user" and not "user" I don't understand why, as in 
> the config file it says:
> --username=%{Stripped-User-Name:-%{User-Name:-None}}
> 
> I didn't edit that part of the ntlm_auth line, just corrected 
> the path..
> I know this is a problem because when I use ntlm_auth from 
> the command line I can't use --username=DOMAIN\user I have to 
> use --username=user
> 
> I hacked up the line to just say %{Stripped-User-Name} but 
> that value must be null or something, because then ntlm_auth 
> gets called with "--username="
> 
> Any thoughts as to why I can't get the DOMAIN\ stripped when 
> calling ntlm_auth
> 
> Thanks!
> 
> --
> Chris Liles
> System Analyst
> Air2Web, Inc.
> 1230 Peachtree St. N.E.
> 12th Floor
> Atlanta, GA 30309
> 
> 
> -----Original Message-----
> From: 
> freeradius-users-bounces+chris.liles=air2web.com at lists.freerad
> ius.org 
> [mailto:freeradius-users-bounces+chris.liles=air2web.com at lists
> .freeradius.org] On Behalf Of King, Michael
> Sent: Wednesday, May 10, 2006 3:39 PM
> To: FreeRadius users mailing list
> Subject: RE: with_ntdomain_hack
> 
>  
> 
> > -----Original Message-----
> > I can't seem to figure out how to get with_ntdomain_hack set 
> > correctly.
> > 
> > I am trying to get peap going against active directory with winbind.
> > 
> > It works if I enter in the username and password from the windows 
> > supplicant prompt, but when I set the supplicant to send the 
> > information automatically it is appending the domain\ onto the 
> > username, and I can't get it to work?
> > 
> 
> 
> I don't think it's the ntdomain hack that is the problem (It 
> should be on, and I'm only aware of it being located in the 
> radiusd.conf file, just above the ntlm_auth line
> 
> I'd double check that your Samba config is correct.
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list