<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div>I am sorry,<br>I have a little problem with English, and I know it might be annoying for you! But I am not sure I understand what you are advising me right now.<br><br>1- um.. using "mschap:User-Name" <br> (how can I do that? in radiusd.conf, mschap section? or in ntlm_auth configuration files?)<br><br>2- using Stripped-User-Name<br> * activating the ntdomain hack is needed in this case, <br> OR <br> * enabling prefix domain module<br><br>(I repeat to be sure that you get what I understood).<br>I am not yet so familiar with those parameters of FR, although it is not so magic.<br><br>So here is a part of my
Radiusd.conf: (section mschap) and I think I did well, but I worry about the ntlm_command (commented) in there. Could you just put me on the lane?<br><br>***************************************************<br>mschap {<br> <br> # if use_mppe is not set to no mschap will<br> # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and<br> # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2<br> #<br> use_mppe = no<br><br> # if mppe is enabled require_encryption makes<br> # encryption moderate<br> #<br> require_encryption = yes<br><br> # require_strong always requires 128 bit
key<br> # encryption<br> #<br> require_strong = yes<br><br> # Windows sends us a username in the form of<br> # DOMAIN\user, but sends the challenge response<br> # based on only the user portion. This hack<br> # corrects for that incorrect behavior.<br> #<br> with_ntdomain_hack = yes<br><br> # The module can perform authentication itself, OR<br> # use a Windows Domain Controller. This configuration<br> # directive tells the module to call the ntlm_auth<br> # program,
which will do the authentication, and return<br> # the NT-Key. Note that you MUST have "winbindd" and<br> # "nmbd" running on the local machine for ntlm_auth<br> # to work. See the ntlm_auth program documentation<br> # for details.<br> #<br> # Be VERY careful when editing the following line!<br> #<br> # You can also try setting the user name as:<br> #<br> # ... --username=%{mschap:User-Name} ...<br> #<br> # In that case, the mschap module will look at the User-Name<br>
# attribute, and do prefix/suffix checks in order to obtain<br> # the "best" user name for the request.<br> #<br> #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br><br> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>***************************************************<br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;"><br><br>but that command (above) is not what you're telling freeradius to do.<br>look at the output
from FR and note the differences. as Iven has stated,<br>you will need to use EITHER mschap:User-Name, OR carry on using Stripped-User-Name<br>but activate the ntdomain hack and enable prefix domain module - or<br>stripped-user-name will still be wrong!<br><br>alan<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></div></div><br>
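<div>Added example, not part of the original thread and not FreeRADIUS code: a toy Python model of how the two --username expansions discussed above resolve for a DOMAIN\user login, showing why Stripped-User-Name falls back to the full name when nothing has set it. The request values, the helper names and the simplified stripping rule are assumptions made for illustration.</div>

```python
import re

# Expansion string copied from the ntlm_auth line quoted in the message above.
PAGE_USERNAME_ARG = "--username=%{Stripped-User-Name:-%{User-Name:-None}}"
# Alternative named in the config comments and in the reply.
MSCHAP_USERNAME_ARG = "--username=%{mschap:User-Name}"

# Matches one innermost %{Name} or %{Name:-fallback} (no nested braces inside).
_XLAT = re.compile(r"%\{([^{}]*?)(?::-([^{}]*))?\}")

def strip_nt_domain(user_name):
    """Assumption: model the prefix check as dropping everything up to the last backslash."""
    return user_name.rsplit("\\", 1)[-1]

def lookup(name, request):
    """Return the attribute value, or None when the request does not carry it."""
    if name == "mschap:User-Name":
        full = request.get("User-Name")
        return strip_nt_domain(full) if full else None
    return request.get(name)

def expand(template, request):
    """Resolve nested expansions innermost first until nothing changes."""
    def repl(match):
        value = lookup(match.group(1), request)
        return value if value else (match.group(2) or "")
    while True:
        expanded = _XLAT.sub(repl, template)
        if expanded == template:
            return expanded
        template = expanded

def with_prefix_realm(request):
    """Hypothetical stand-in for a prefix realm module that recognises the domain."""
    out = dict(request)
    if "\\" in out.get("User-Name", ""):
        out["Stripped-User-Name"] = strip_nt_domain(out["User-Name"])
    return out

if __name__ == "__main__":
    req = {"User-Name": "CORP\\alice"}  # constructed sample request
    print(expand(PAGE_USERNAME_ARG, req))                     # full DOMAIN\user reaches ntlm_auth
    print(expand(PAGE_USERNAME_ARG, with_prefix_realm(req)))  # stripped name
    print(expand(MSCHAP_USERNAME_ARG, req))                   # stripped name
```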
</body></html>