libwbclient with PAP

Matthew Newton mcn4 at leicester.ac.uk
Mon Oct 17 15:48:58 CEST 2016


On Mon, Oct 17, 2016 at 01:27:42PM +0000, Adam Bishop wrote:
> On 14 Oct 2016, at 15:13, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> > With 3.0, no - use ntlm_auth.
> 
> All up and working - two quick question about the libwb integration:
> 
>   (197) mschap: ERROR: No such user [0xC0000064]

0xC0000064 is "No such user", so that is correct (this error comes
directly from Samba)

>   (197) mschap: ERROR: Password has expired.  User should retry authentication

That shouldn't happen.

What version / git hash?

> Is "password expired" expected when a non-existent user is submitted?

No

>   (197) mschap: Creating challenge hash with username: radtest at dev.ja.net
>   (197) mschap: Client is using MS-CHAPv2
>   (197) mschap: EXPAND %{mschap:User-Name}
>   (197) mschap:    --> radtest at dev.ja.net
>   (197) mschap: ERROR: No NT-Domain was found in the User-Name
> 
> Do I need to be splitting the username manually here, or should it be figuring that out automatically?

I usually split manually and not rely on the %{mschap: magic. But
whatever works really. MSCHAP usernames can be weird. The magic
should work with domain\username style IIRC.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list