winbind / ntlm_auth funny

Alan Buxey alan.buxey at gmail.com
Thu Jan 18 12:14:58 CET 2018


Or do what Matthew said , changing the nostrip alters the behaviour
elsewhere....

alan

On 18 Jan 2018 10:57 am, "Alex Sharaz via Freeradius-Users" <
freeradius-users at lists.freeradius.org> wrote:

> of course it helps if you READ THE WIKI PAGE YOU WROTE WHEN YOU TESTED IT
> MONTHS AGO instead of assuming you remembered what to do
>
> In proxy.conf ... comment out nostrip .... and it just worked
>
> Sigh!
>
> old age ... dememtia ,.... :-(
> A
>
> On 18 January 2018 at 10:52, Matthew Newton <mcn at freeradius.org> wrote:
>
> > On Thu, 2018-01-18 at 10:47 +0000, Alex Sharaz via Freeradius-Users
> > wrote:
> > > I've been using winbindd for a long time to authenticate york users
> > > .. and it "just works"
> >
> > Good to know.
> >
> > > with
> > >
> > >  winbind_username = "%{Stripped-User-Name}"
> > >         winbind_domain = "HYMS.AC.UK"
> > >
> > > plus a few other bits to get inner-tunnel to call mschap_hyms as
> > > appropriate
> >
> > OK.
> >
> > > ntlm_auth --username=eduroamtest2 --domain=HYMS.AC.UK
> > >
> > > and get the same no such user message
> > >
> > > However, try
> > > ntlm_auth --username=\eduroamtest2 --domain=HYMS.AC.UK
> > >
> > > and get a success after entering a password.
> >
> > That's... weird.
> >
> > > Thought I'd go back to using ntlm_auth in my FR config for HYMS
> > > So how do I prefix Stripped-user-name wtih a "\"  in inner-tunnel ?
> >
> > Use
> >
> >   winbind_username = "\\%{Stripped-User-Name}"
> >
> > ?
> >
> > --
> > Matthew
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list