freeradius and AD auth with option require-membership-of

Thu Sep 11 01:18:05 CEST 2014

What's the complete command-line you have in the mschap module?

Also, is the ntlm_auth location you specified in the mschap module the same as the one you get when you type "which ntlm_auth" on the command-line?

Stefan

________________________________
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] on behalf of Попов Александр [pop5s at mail.ru]
Sent: 10 September 2014 18:18
To: freeradius-users
Subject: Re[2]: freeradius and AD auth with option require-membership-of

Ok.thanks.
But why is the console command (ntlm_auth --request-nt-key --domain=lenfi.ru --username=test2 --require-membership-of='s-1-5-21-241991751-2423211274-3836920987-1626') is executed without problems?

 m>:
Попов Александр wrote:
> Ubuntu 14.04, freeradius 2.1.12+dfsg-1.1ubuntu0.1

  Upgrade to 2.2.5.

> When I add in mschap this option in debug I see:
>
> Could not parse s-1-5-21-241991751-2423211274-3836920987-1626 into
> separate domain/name parts!
> *** Error in `/usr/bin/ntlm_auth': free(): invalid pointer:
> 0x00007f13562b9e9c ***
> Exec-Program output: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)
> Exec-Program-Wait: plaintext: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r

  It looks like the ntlm_auth program is buggy. Fix that.

  This isn't a FreeRADIUS issue.

  Alan DeKok.

С уважением,
Попов Александр
pop5s at mail.ru

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238