On Mon, 2018-11-12 at 10:43 +0000, Adam Bishop wrote:
On 12 Nov 2018, at 10:09, Markus Maurer <lists@v-net.tk> wrote:
You *cannot* make this work using MSCHAP and AD.It is working.
Did you send the right debug log? That shows a user being authenticated from a cleartext password in the users file and the stripped-user-name not being discarded:
Debug: (1) mschap: Found Cleartext-Password, hashing to create NT-Password Debug: (1) mschap: Found Cleartext-Password, hashing to create LM-Password Debug: (1) mschap: Creating challenge hash with username: johndoe:123456
Which is exactly what Alan said could be done right back at the start of the thread yesterday: On 2018-11-11 at 16:46 +0000, Alan DeKok wrote:
If the users name and password is in SQL, then it's possible. Look up the user in SQL based on the Stripped-User-Name (which is the default). And, do the MS-CHAP calculations based on the real User-Name (which is also the default).
-- Matthew