handling win domain name in username

Crne We crnewe at yahoo.com
Wed Sep 26 22:00:42 CEST 2012


Here is the failure trace for this user: domain1\user1 Cleartext-Password := "pass1":

The backslash leads the code to think it's System auth_type when in fact it's PAP.


Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:63550, id=1, length=58
        User-Name = "domain1\\user1"
        User-Password = "pass1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m
g expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "domain1\\user1", looking up realm

    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.  Authenticat
ay fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested a
.
auth: Failed to validate the user.
Login incorrect: [domain1\\user1/pass1] (from client localhost port 0)



________________________________
 From: Crne We <crnewe at yahoo.com>
To: alan buxey <A.L.M.Buxey at lboro.ac.uk>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org> 
Sent: Wednesday, September 26, 2012 12:07 PM
Subject: Re: handling win domain name in username
 

The user name in LDAP is of the form domainname\username. I wanted to configure the same username in the freeradius as well but different password than LDAP. Authentication fails on the Radius side with this kind of username. If freeradius doesn't care, not sure why it fails for such usernames.


________________________________
 From: alan buxey <A.L.M.Buxey at lboro.ac.uk>
To: Crne We <crnewe at yahoo.com>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org> 
Sent: Wednesday, September 26, 2012 1:07 AM
Subject: Re: handling win domain name in username
 
Hi,
>    Environment: Freeradius with PAP on Windows
>                         Username: domain\user1
>                         password: *******
>    Looks like the Freeradius doesn't seem to like the windows domain name as
>    part of username?

FreeRADIUS doesn't care. Your chosen authentication method cares. If you don't want that 'domain'
to appear then use the prefix module and ensure you have that domain listed in proxy.conf, e.g.

domain {
}

alan
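Added example, not part of the original thread and not FreeRADIUS source code: a simplified Python model of the prefix-style realm split suggested above, applied to the domain1\user1 name from the thread. split_realm(), lookup_name() and LOCAL_REALMS are hypothetical names, and the rules that an unlisted realm leaves the name untouched and that realm names match case-insensitively are assumptions of this model.

```python
# Simplified model of realm-based username splitting (not FreeRADIUS source).
# split_realm() and LOCAL_REALMS are hypothetical names for this example.

LOCAL_REALMS = {"domain1"}  # constructed: realms assumed listed in proxy.conf


def split_realm(user_name, fmt, delimiter, realms=LOCAL_REALMS):
    """Return (realm, lookup_name) for one realm-module instance.

    fmt="suffix" parses user<delimiter>realm (split at the last delimiter);
    fmt="prefix" parses realm<delimiter>user (split at the first delimiter).
    Assumption of this model: the name is stripped only when the realm is
    listed; otherwise the original User-Name is kept for the user lookup.
    """
    if fmt == "suffix":
        user, sep, realm = user_name.rpartition(delimiter)
    elif fmt == "prefix":
        realm, sep, user = user_name.partition(delimiter)
    else:
        raise ValueError("fmt must be 'prefix' or 'suffix'")
    if not sep or not realm or not user:
        return (None, user_name)  # no delimiter, or an empty half
    if realm.lower() not in {r.lower() for r in realms}:
        return (None, user_name)  # unlisted realm (case-insensitive, a model choice)
    return (realm, user)


def lookup_name(user_name):
    """Run a suffix ('@') instance, then a prefix (backslash) instance."""
    for fmt, delim in (("suffix", "@"), ("prefix", "\\")):
        realm, name = split_realm(user_name, fmt, delim)
        if realm is not None:
            return realm, name
    return None, user_name


if __name__ == "__main__":
    # Constructed inputs; the first is the domain1\user1 name from the thread,
    # written as an escaped Python string.
    for raw in ("domain1\\user1", "user1@domain1", "other\\user1", "user1"):
        print(repr(raw), "->", lookup_name(raw))
```

The trace above lists only a "suffix" instance, which looks for '@'; in this model that alone never splits domain1\user1, so the user lookup sees the full string.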


