mschap direct-to-Winbind different behaviour
Matthew Newton
mcn4 at leicester.ac.uk
Tue Mar 8 14:39:50 CET 2016
On Tue, Mar 08, 2016 at 01:27:10PM +0000, Jonathan Gazeley wrote:
> Yes. I spotted this just after hitting send. I tried commenting
> winbind_domain and repeating the test. It warns that the domain is not
> present but will continue anyway,
Yes, it's just a warning to prompt people who might have forgotten
to set it. Nothing more.
> and then runs into the same error as
> before. So I don't think it is this.
I never had computer auth in mind when writing that, and never
tested it, so looks like you might be the first one :) I'd assumed
(wrongly it seems) that people doing computer auth would just use
EAP-TLS.
It looks like the error is discussed in
https://technet.microsoft.com/en-us/library/jj852275.aspx
ntlm_auth uses essentially the same calls internally, so I'd have
to check to see if it is setting something that the FreeRADIUS
code isn't.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list