<div dir="ltr"><div>Alan,</div><div><br></div>I finally made EAP-GTC using ntlm_auth to work. Basically my initial configuration inside "gtc" sub-section of raddb/eap.conf was correct and modifying raddb/modules/ntlm_auth from "%{mschap:User-Name}" to "%{User-Name}" was also correct. I can also use %{%{mschap:User-Name}:-%{User-Name}} that is also working fine and won't break mschap testing thru radtest.<div>
<div><br></div><div>The problem lies somewhere else, in this case something inside file raddb/users where the following line was added when I configured freeRadius with EAP-MSCHAPv2 and testing it with radtest:<div>DEFAULT Auth-Type := ntlm_auth</div>
<div><br></div><div><div class="gmail_extra">Once I removed that line from raddb/users, EAP-GTC with ntlm_auth works. So, the "gtc" sub-section inside raddb/eap.conf is as follow:</div><div class="gmail_extra"><br>
gtc {</div><div class="gmail_extra"> ....</div><div class="gmail_extra"> challenge = "Password: "</div><div class="gmail_extra"> ....</div><div class="gmail_extra"> ....</div><div class="gmail_extra">
auth_type = ntlm_auth</div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">and raddb/modules/ntlm_auth content:</div><div class="gmail_extra"><br></div><div class="gmail_extra">
exec ntlm_auth {</div><div class="gmail_extra"> wait yes</div><div class="gmail_extra"> program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{%{mschap:User-Name}:-%{User-Name}} --password=%{User-Password}</div>
<div class="gmail_extra">} </div><div class="gmail_extra"><br></div><div class="gmail_extra">Again, thank you for all the supports.<br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">
Regards,</div><div class="gmail_extra">Dono</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 27, 2013 at 9:50 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Don wrote:<br>
> Nothing secret, as I said I tried both configuration (one at a time)<br>
> inside "gtc" sub-section of eap.conf.<br>
<br>
</div> That's a problem. NOTHING in the documentation or examples says to do<br>
that. LOTS of documentation and examples give the CORRECT way to use<br>
ntlm_auth.<br>
<div class="im"><br>
> I did that, but that didn't work.<br>
<br>
</div> See the FAQ for "it doesn't work"<br>
<div class="im"><br>
> Perhaps I didn't configure the<br>
> ntlm_auth module though there is modules/ntlm_auth created when I<br>
> configured EAP-MSCHAPv2 with ntlm_auth.<br>
<br>
</div> Perhaps you could try following the examples on <a href="http://deployingradius.com" target="_blank">deployingradius.com</a>,<br>
or the examples distributed with the server.<br>
<div class="im"><br>
> My understanding about RADIUS is that client sends AccessRequest and<br>
> wait for either: AccessReject, AccessAccept, or AccessChallenge. If it<br>
> gets AccessChallenge and later gets another AccessChallenge again, it<br>
> will response, until it gets AccessAccept or AccessReject. The client<br>
> that I am using is NetMotion Mobility XE.<br>
<br>
</div> Which is all useless and irrelevant. I asked about the EAP-GTC spec,<br>
not RADIUS.<br>
<div class="im"><br>
> Thank you once again for your response. Apologize if I am wasting your<br>
> time, not my intention.<br>
<br>
</div> If you ask questions on this list, you need to follow the instructions<br>
we give. Doing anything else is rude.<br>
<br>
You've been very careful to say as little as possible about what<br>
you're doing. You've also been careful to NOT follow the documentation<br>
or examples.<br>
<br>
That explains why you're having issues making it work.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
</font></span><div class="HOEnZb"><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div></div></div></div></div>