MSCHAPv2 Module with Stripped-Username - no ActiveDirectory
lists at v-net.tk
Sun Nov 11 21:56:58 CET 2018
Hmm... Meanwhile I think that you didn‘t understand the problem. You’re just talking around the problem, not about the problem neither trying to help solving it...
The nt hash is calculated from the password, not from the username that’s why it's possible to modify the user on the radius server and that’s why you could use the otp in the username. And how do you call ntlm_auth called from eap? It‘s an external program, not contained in freeradius. In my opinion this is an *external magical possibility* using a stripped username for AD authentication.
> Am 11.11.2018 um 21:31 schrieb Alan DeKok <aland at deployingradius.com>:
>> On Nov 11, 2018, at 3:26 PM, Markus Maurer <lists at v-net.tk> wrote:
>> I understand the problem, but I can't believe that there is no workaround. It's just because freeradius can't handle the stripped username in eap, thats all.
> That's not what I said.
> In fact, I said *explicitly* the opposite in my previous message.
> If you're not going to bother reading my answers, why are you posting questions here?
>> So please explain me why it's working with AD then?
> Since you didn't post debug output or anything else that the documentations suggests, no.
> I'm done here.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> This email was Malware checked by UTM 9. http://www.sophos.com
More information about the Freeradius-Users