On Tue, Dec 08, 2015 at 11:38:16PM +0000, A.L.M.Buxey@lboro.ac.uk wrote:
(8) mschap : EXPAND --username=%{%{mschap:User-Name}:-00} (8) mschap : --> --username=CCS-252$
(8) mschap : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} (8) mschap : --> --username=host/CCS-252.cfs.uoguelph.ca
...err, yes...and NOW the server uses this broken version. delete that second entry so just CCS-252$ is used as you had before.
Ug. I'd just take the --challenge=683ac434c3c89a99 and --nt-response=55082eea2ef4b8b9d7fb4985c654723659cdee6d13ebe2ef and test them with ntlm_auth on the command line with different combinations of --username and --domain to find out what actually works. Then use that as a basis to work out what the config should be. If these are machines joined to a domain then won't they have certificates auto-enrolled from the domain anyway? In which case I'd just stick to PEAP/EAP-MSCHAPv2 for users and EAP-TLS for the machines. More conventional and faster auth as well. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>