mschap problem
Ivan Kalik
tnt at kalik.net
Thu Oct 22 11:12:11 CEST 2009
> I've configured freeradius to authenticate local users with our AD.
>
> When I use simple username "barbato" it works perfectly, but if I use
> barbato at igi.cnr.it
> it fails.
>
> From log it seems that it's not stripped the realm/domain part after @:
>
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] Told to do MS-CHAPv2 for barbato at igi.cnr.it with NT-Password
> [mschap] expand: --username=%{mschap:User-Name} ->
> --username=barbato at igi.cnr.it
> [mschap] mschap2: b9
> [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --
> challenge=4e0cb755e2e70d10
> [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-
> response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1
> Exec-Program output: Logon failure (0xc000006d)
Right, so you have altered the default ntlm_auth line and replaced
Stripped-User-Name with mschap:User-Name and now you are wondering why is
it not using Stripped-User-Name???
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list