Freeradius authenticate against Active directory
trevor obba
trevor_obba at yahoo.co.uk
Fri Sep 13 01:23:47 CEST 2013
I am running freeradius 2.2.0, I have configured freeradius
to authenticate against active directory and also offer eduroam service
When I authenticate
my username as “test” and password in to my wireless devices it works.
However if I try to authenticate my username as test at abc.ac.uk it does not work because
freeradius pass on test at abc.ac.uk to active
directory without stripping out @abc.ac.uk as shown below:
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username:
test at abc.ac.uk
[mschap] Client is using MS-CHAPv2 for test at abc.ac.uk,
we need NT-Password
[mschap]
expand: --username=%{mschap:User-Name:-None} -> --username=test at abc.ac.uk
[mschap] No NT-Domain was found in the User-Name.
[mschap]
expand: %{mschap:NT-Domain} ->
[mschap]
... expanding second conditional
[mschap]
expand: --domain=%{%{mschap:NT-Domain}:-UNIVERSITY} -> --domain=UNIVERSITY
[mschap] Creating challenge hash with username:
test at abc.ac.uk
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=6d98addf3855kk34f22
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=278994tg713ccd713g8876666k1196faaf038ef
Exec-Program output: Logon failure (0xc00004f)
How can I fix the problem of authentication users that type
in there local realm @abc.ac.uk with their username as well as proxing eduroam
users?
Basically, how do I authenticate local user or stripe local
realm before pass to active directory for authentication?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130913/819db4fb/attachment-0001.html>
More information about the Freeradius-Users
mailing list