How can I force freradius to authenticate through domainame\username
Get radtest to send the same data as sent by the Cisco client. See the server debug output in order to compare the two user names. Alan DeKok. Hi Alan, I forced radtest to pass, with this syntax: 1. radtest domainame\\\\\\\username password localhost 0 testing123 Debug is: ++[mschap] returns noop [suffix] No '@' in User-Name = "domainname\\username", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Found Auth-Type = ntlm_auth2 +- entering group authenticate {...} [ntlm_auth2] expand: --username=%{mschap:User-Name} -> --username=\username [ntlm_auth2] expand: --password=%{User-Password} -> --password=password Exec-Program output: NT_STATUS_OK: Success (0x0) Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0) Exec-Program: returned: 0 ++[ntlm_auth2] returns ok Login OK: [domainame\\\\username] (from client localhost port 0) 2. Debug, when I use vpn cisco client with domainname\\username is the same 3. Radtest doesn't pass with less backslahes then 7 : ) ( \\\\\\\ ) radtest domainame\\\\\\username password localhost 0 testing123 [suffix] No '@' in User-Name = "domainame\username", looking up realm NULL ........ [ntlm_auth2] expand: --username=%{mschap:User-Name} -> --username=username [ntlm_auth2] expand: --password=%{User-Password} -> --password=password Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program: returned: 1 ++[ntlm_auth2] returns reject Failed to authenticate the user. Login incorrect: [domainname\\username/password] (from client localhost port 0) 4. When I use only 2 backslashes: radtest domainame\\username password localhost 0 testing123 [suffix] No '@' in User-Name = "domainnameusername", looking up realm NULL .............. [ntlm_auth2] expand: --username=%{mschap:User-Name} -> --username=domainnameusername [ntlm_auth2] expand: --password=%{User-Password} -> --password=password Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program: returned: 1 ++[ntlm_auth2] returns reject Failed to authenticate the user. Login incorrect: [domainnameusername/password] (from client localhost port 0) I don’t have a problem with radtest if vpn client would authenticate with domainname\username Thank you