mschap direct-to-Winbind different behaviour
Matthew Newton
mcn4 at leicester.ac.uk
Tue Mar 8 15:08:01 CET 2016
On Tue, Mar 08, 2016 at 08:58:44AM -0500, Alan DeKok wrote:
> On Mar 8, 2016, at 8:57 AM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> > Can you try the attached patch and see if it helps? (Entirely
> > untested here...)
>
> Use inline text. The mailing list strips most attachments
Hmm - OK, thanks. Thought patches were allowed through.
> because people were posting screenshots of a terminal window
> with the debug output.
Yeah, the reasons are clear :)
Matthew
>From 9743d4f6a435fdfb62e26f1734f3142cf5b20db8 Mon Sep 17 00:00:00 2001
From: Matthew Newton <mcn4 at leicester.ac.uk>
Date: Tue, 8 Mar 2016 13:52:14 +0000
Subject: [PATCH] update wbcAuthenticateUserEx params
---
src/modules/rlm_mschap/auth_wbclient.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/modules/rlm_mschap/auth_wbclient.c b/src/modules/rlm_mschap/auth_wbclient.c
index 1c8981d..f71cb6a 100644
--- a/src/modules/rlm_mschap/auth_wbclient.c
+++ b/src/modules/rlm_mschap/auth_wbclient.c
@@ -111,7 +111,9 @@ int do_auth_wbclient(rlm_mschap_t *inst, REQUEST *request,
memcpy(authparams.password.response.challenge, challenge,
sizeof(authparams.password.response.challenge));
- authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2;
+ authparams.parameter_control |= WBC_MSV1_0_ALLOW_MSVCHAPV2 |
+ WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
+ WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
/*
* Send auth request across to winbind
--
2.1.4
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list