ntlm_auth fails for none domain

John elmer_radius at yahoo.com.cn
Thu Jul 1 06:42:44 CEST 2010


Hi,  
 
We are using freeRADIUS talk to multiple ADs integration.  I updated my freeRADIUS from 1.1.6 to 2.1.9 recently. 
 
"xjtu" is our default domain, for users under this domain will only use username to authenticate to RADIUS. With 1.1.6, it will get "xjtu" as domain; But with 2.1.9, it will not, please see the debug info below.
 
 
It is the related part in configuration file:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain:-xjtu} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 
 
It is debug info: 
[mschap] Told to do MS-CHAPv2 for hhe with NT-Password
[mschap] No NT-Domain was found in the User-Name.
[mschap]  expand: --domain=%{mschap:NT-Domain} -> --domain=
[mschap]  expand: --username=%{mschap:User-Name:-None} -> --username=hhe
[mschap]  mschap2: a6
[mschap]  expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ddca17e9bfdaf05a
[mschap]  expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=741e305efc7bce1071682eee0b3c37142b184b9544242304
 
John


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100701/d99e0cda/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mschap
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100701/d99e0cda/attachment.ksh>


More information about the Freeradius-Users mailing list