Problem with freeradius 2.0 pre1 and realms
Christian Frank
christian.frank at rsel.renesas.com
Mon Aug 20 07:46:57 CEST 2007
Hi Alan,
Yes, i'am using the Stripped-User-Name and/or the Username.
I tried the with_nt_domain hack = yes, but it did not work :-( ..
But i read the radiusd.conf file and i could not find the
mschap:User-Name thing.
Where do i have to use mschap:Username ?
My understanding of how it should work is:
1. PEAP with mschapv2 is used
2. Freeradius gets the username and Password from my windows box.
3. The username is test\cfra
4. Freeradius finds my realm test and proxies to local, stripping of the domain part.
5. Authorization is done withh the username test.
6. Then authentication is done with test\cfra ??? And here is the point i do not understand it any more :-( ..
Why is the stripped of username only used in authorization ? I thought if i use freeradius my way, then authorization would be done
with ldap, authentication with eap ? Is that correct ?
What should i do to get this setup working ?
I'm really out of ideas now.
Cause i tried a similar setup with 1.1.7 and ntlm_auth (instead of ldap) and it works like expected there.
Thanks for your help in advance,
Best regards,
Christian
A.L.M.Buxey at lboro.ac.uk schrieb:
> hi,
>
> you are using the Stripped-User-Name and/or the User-Name.
>
> however, the method you are attempting to use goes through the
> MSCHAP module...so you want to look at using mschap:User-Name
> attribute. or use unlang to regexp the domain. have you also
> got with_ntdomain_hack = yes ?
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
****************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on
it, is prohibited.
E-mail messages are not necessarily secure. Renesas does not accept
responsibility for any changes made to this message after it was sent.
Please note that this email message has been swept by Renesas for
the presence of computer viruses.
Renesas Semiconductor Europe (Landshut) GmbH
Jenaer Strasse 1, 84034 Landshut
Tel.: +49-(0)871-684-0, Fax: +49-(0)871-684-150
www.rsel.renesas.com
GESCHAEFTSFUEHRER: Dipl.-Ing. YOSHIHARU KAKUI
GESCHAEFTSFUEHRER: Dipl.-Phys. STEFAN SAUER
Registergericht Landshut HRB 1464
Ust-ldNr.: DE 128953054 Steuer-Nr.: 132/136/30347
HypoVereinsbank, Landshut, Kto.-Nr. 3704 700 (BLZ 743 200 73)
Mizuho Corporate Bank (Germany) AG, Frankfurt, Kto.-Nr. 200 733 (BLZ 503 308 00)
****************************************************************************
More information about the Freeradius-Users
mailing list