Change username for MSCHAPv2

Gabriele Verzeletti gabriele at verzeletti.org
Mon Jul 3 16:26:33 CEST 2017


Ok, changes made and it works now
I have

authorize {
         update request {
                 Stripped-User-Name := `/usr/local/bin/radius-username '%{User-Name}'`
         }

That converts my username into the correct form for my environment, and 
I restored the ntlm_auth as in the default:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

Works like a charm
Thank you a lot

On 07/03/2017 02:36 PM, Alan DeKok wrote:
>> On Jul 3, 2017, at 8:28 AM, Gabriele Verzeletti <gabriele at verzeletti.org> wrote:
>>
>> Using Stripped-User-Name was one of my first tries.
>> I got this error
>    Did you try using the default configuration for the mschap module?  Which has Stripped-User-Name in it?  And which works?
>
>> eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
>> (8) eap_mschapv2:   Auth-Type MS-CHAP {
>> (8) mschap: Creating challenge hash with username: /user/@/domain.com/
>> (8) mschap: Client is using MS-CHAPv2
>> (8) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:Stripped-User-Name}:-None} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
>> (8) mschap: ERROR: Unknown expansion string 'Stripped-User-Name' <--------------------------- UNKNOWN !!!!!
>    Yes... the default configuration has %{Stripped-User-Name}.  Not %{mschap:Stripped-User-Name}.
>
>    Why did you edit the default configuration and break it?
>
>    Alan DeKok.
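
The thread does not show the contents of /usr/local/bin/radius-username. As an added example (not the poster's script and not part of FreeRADIUS), this is one way such a helper could be written, assuming the conversion is to strip a realm suffix or domain prefix; the function name, allowed character set and length limit are assumptions.

```shell
#!/bin/sh
# Hypothetical stand-in for /usr/local/bin/radius-username (not the poster's script).
# Assumption: "the correct form" means the bare account name, so
#   user@domain.com -> user     and     DOMAIN\user -> user
# The result is meant for Stripped-User-Name; User-Name itself stays as the
# client sent it.

normalize_username() {
    name=$1

    # Refuse empty or oversized input (253 is an assumed upper bound).
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1

    # DOMAIN\user -> user (drop everything up to the first backslash).
    case $name in
        *\\*) name=${name#*\\} ;;
    esac

    # user@realm -> user (drop everything from the first @).
    case $name in
        *@*) name=${name%%@*} ;;
    esac

    # Allow-list the result: it ends up on the ntlm_auth command line, so
    # anything outside a conservative account-name alphabet is rejected.
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    printf '%s\n' "$name"
}

# When run as a script with an argument, print the normalized name,
# or print nothing and exit non-zero if the input is rejected.
if [ "$#" -gt 0 ]; then
    normalize_username "$1" || exit 1
fi
```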