<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.6000.17097" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Hi all i have freeradius 2.1.10 setup on a SLES server. When the workstation boots it sends an mschapv2 request in the form host/machinename. What is the best way to convert this to machinename$ ? Sorry if this has been asked before Im stumped and cannot find the answer.</DIV>
<DIV> </DIV>
<DIV>Here is part of the log:</DIV>
<DIV> </DIV>
<DIV>
<DIV>Ready to process requests.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=79, length=203<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 0<BR> NAS-Port-Type = Wireless-802.11<BR> User-Name = "host/TECH-11501"<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> MS-CHAP-Challenge = 0x0568442cb1608fce03cb2662dcf52694<BR> MS-CHAP2-Response = 0x07007e63e9fa7fb503e4cfff2a2c00568698000000000000000057f0c5ece05913c5eeaf48096b25dcbd01f39d20a71404e1<BR> Service-Type = Login-User<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<BR>++[mschap] returns ok<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TECH-11501", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns noop<BR>++[files] returns noop<BR>[ldap] performing user authorization for host/TECH-11501<BR>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TECH-11501$)<BR>[ldap] expand: o=hpsd_48 -> o=hpsd_48<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] performing search in o=hpsd_48, with filter (uid=TECH-11501$)<BR>[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password<BR>[ldap] No default NMAS login sequence<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>[ldap] user host/TECH-11501 authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING: Auth-Type already set. Not setting to PAP<BR>++[pap] returns noop<BR>Found Auth-Type = MSCHAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group MS-CHAP {...}<BR>[mschap] Creating challenge hash with username: host/TECH-11501<BR>[mschap] Told to do MS-CHAPv2 for host/TECH-11501 with NT-Password<BR>[mschap] FAILED: MS-CHAP2-Response is incorrect<BR>++[mschap] returns reject<BR>Failed to authenticate the user.<BR>Using Post-Auth-Type Reject<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group REJECT {...}<BR>[attr_filter.access_reject] expand: %{User-Name} -> host/TECH-11501<BR> attr_filter: Matched entry DEFAULT at line 11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of request 13 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Sending delayed reject for request 13<BR>Sending Access-Reject of id 79 to 10.152.0.100 port 32819<BR>Waking up in 4.9 seconds.<BR>Cleaning up request 13 ID 79 with timestamp +926<BR>Ready to process requests.</DIV>
<DIV> </DIV>
<DIV>Here is the log from same machine after logging in:</DIV>
<DIV> </DIV>
<DIV>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=82, length=194<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 0<BR> NAS-Port-Type = Wireless-802.11<BR> User-Name = "mjones"<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> MS-CHAP-Challenge = 0xe744e26bd3741ff3a339f931e5d541cc<BR> MS-CHAP2-Response = 0x070001ee52a851770be78f667189c6bdec3b000000000000000050e99570745eb5a68f290dfe79879837d3997b7aa9b7b3cc<BR> Service-Type = Login-User<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<BR>++[mschap] returns ok<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "mjones", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns noop<BR>++[files] returns noop<BR>[ldap] performing user authorization for mjones<BR>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=mjones)<BR>[ldap] expand: o=hpsd_48 -> o=hpsd_48<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] performing search in o=hpsd_48, with filter (uid=mjones)<BR>[ldap] Added the eDirectory password xxxx in check items as Cleartext-Password<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>[ldap] user mjones authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING: Auth-Type already set. Not setting to PAP<BR>++[pap] returns noop<BR>Found Auth-Type = MSCHAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group MS-CHAP {...}<BR>[mschap] Creating challenge hash with username: mjones<BR>[mschap] Told to do MS-CHAPv2 for mjones with NT-Password<BR>[mschap] adding MS-CHAPv2 MPPE keys<BR>++[mschap] returns ok<BR># Executing section post-auth from file /etc/raddb/sites-enabled/default<BR>+- entering group post-auth {...}<BR>++[exec] returns noop<BR>Sending Access-Accept of id 82 to 10.152.0.100 port 32819<BR> MS-CHAP2-Success = 0x07533d41344438423931334434454244384437463634353436353933374137343737324136433138463139<BR> MS-MPPE-Recv-Key = 0x263a0e89b5a8a78aa7e728c79ea3844f<BR> MS-MPPE-Send-Key = 0xfef0768ff8ca7d3a76d43ce8feb4189b<BR> MS-MPPE-Encryption-Policy = 0x00000001<BR> MS-MPPE-Encryption-Types = 0x00000006<BR>Finished request 16.<BR>Going to the next request<BR>Waking up in 3.7 seconds.<BR>Cleaning up request 15 ID 81 with timestamp +1049<BR>Waking up in 1.2 seconds.<BR>Cleaning up request 16 ID 82 with timestamp +1051<BR>Ready to process requests.<BR></DIV>
<DIV>Thanks all</DIV>
<DIV> </DIV>
<DIV>Mark</DIV>
<DIV><BR> </DIV></DIV><BR>
<p>
<font face="Times New Roman"><b>This communication is intended for the
use of the recipient to which it is addressed and may contain
confidential, personal and/or privileged information. If you received
this e-mail in error, please advise me (by return e-mail or otherwise)
immediately.</b></font>
</p>
</BODY></HTML>