FreeRadius + ntlm_auth + blank character in the NT group name

charles at copel.com charles at copel.com
Fri Oct 5 14:30:18 CEST 2007 

Hi:

I need to Configure my FreeRadius to authenticate  NT users in a 
determinate NT Group that has a "blank character" in  the name. 
My NT Group name is "COPEL\Acesso Remoto".

When I execute the "ntlm_auth" program in the command line:  it works. The 
command line is below:

[root at FreeRADIUS /usr/local/etc/raddb]# ntlm_auth 
--require-membership-of='COPEL\Acesso Remoto' --request-nt-key 
--domain=COPEL --username=radius --password=radius
NT_STATUS_OK: Success (0x0)
[root at FreeRADIUS /usr/local/etc/raddb]#

When I configure the "ntlm_auth" program in the radiusd.conf, my 
FreeRadius show the followings messages:
...
auth: type "win_domain"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
radius_xlat:  '--username=radius'
radius_xlat:  '--password=radius'
[2007/10/05 09:10:42, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
  Winbindd lookupname failed to resolve 'COPEL\Acesso Remoto' into a SID!
Exec-Program output:
Exec-Program: returned: 1
rlm_exec (win_domain): External script failed
  modcall[authenticate]: module "win_domain" returns fail for request 0
modcall: leaving group authenticate (returns fail) for request 0
auth: Failed to validate the user.
Login incorrect: [radius/radius] (from client cerberus2 port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 239 to 10.4.3.248 port 32795
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 239 with timestamp 470629c2
Nothing to do.  Sleeping until we see a request.

My FreeRadius don´t get to find the NT group. It sounds like problem when 
FreeRadius find the "blank character" in the name of group. 
My environment is: FreeBSD 6.2 + Samba 3.0.24 + freeradius 1.1.6 

Any Idea ?

Best Regards,
Charles.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071005/50b2a458/attachment.html>

More information about the Freeradius-Users mailing list