Talking to Windows 2003 AD

Iain Grant Iain.Grant at scri.ac.uk
Thu Mar 18 09:53:21 CET 2010


Thanks Alan,

The double '==' in the ntlm_auth command was the culprit. Things are
working today.
p.s. I had already stripped the usernames and verified the password so
that was fine.

Iain Grant
Linux System Administrator
Scottish Crop Research Institute

				Date: Wed, 17 Mar 2010 17:23:37 +0000
				From: Alan Buxey
<A.L.M.Buxey at lboro.ac.uk>
				Subject: Re: Talking to Windows 2003 AD
				To: FreeRadius users mailing list
	
<freeradius-users at lists.freeradius.org>
				Message-ID:
<20100317172337.GA16756 at lboro.ac.uk>
				Content-Type: text/plain;
charset=us-ascii

				Hi,

				>  Now when I go to the next step and
enable this in /etc/raddb/modules/mschap
				> 
				>         ntlm_auth =
"/usr/bin/ntlm_auth --request-nt-key
--username==%{%{Stripped-User-Name}:-%{User-Name:-None}}
--domain=%{%{mschap:NT-Domain}:-OURDOMAIN}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"

				radiusd -X

				and show us at least that bit where that
command is called.

				you have 2 == is your command. is that
intentional?  you are allowing usernames
				that havent been sanitised or are blank
(none) - is that intentional?

				alan


______________________________________________________
SCRI, Invergowrie, Dundee, DD2 5DA.  
The Scottish Crop Research Institute is a charitable company limited by guarantee. 
Registered in Scotland No: SC 29367.
Recognised by the Inland Revenue as a Scottish Charity No: SC 006662.


DISCLAIMER:

This email is from the Scottish Crop Research Institute, but the views expressed by the sender are not necessarily the views of SCRI and its subsidiaries.  This email and any files transmitted with it are confidential to the intended recipient at the e-mail address to which it has been addressed.  It may not be disclosed or used by any other than that
addressee.
If you are not the intended recipient you are requested to preserve this confidentiality and you must not use, disclose, copy, print or rely on this e-mail in any way. Please notify postmaster at scri.ac.uk quoting the name of the sender and delete the email from your system.

Although SCRI has taken reasonable precautions to ensure no viruses are present in this email, neither the Institute nor the sender accepts any responsibility for any viruses, and it is your responsibility to scan the email and the attachments (if any).
______________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100318/063c28d7/attachment.html>


More information about the Freeradius-Users mailing list