On Oct 30, 2015, at 8:54 AM, Thomas Stather <Thomas.Stather@mpimf-heidelberg.mpg.de> wrote:
I tried to set
password_attribute to "sambaNTPassword" but the error is still the same.
Post the *full* debug.
As we have the hashes in our LDAP it seems that i have to switch to "ntlm_auth" module
No. FreeRADIUS can get the hashes directly from LDAP.
radtest -t mschap tstather <my password> 127.0.0.1:18120 0 <shared secret>
it works, but connecting via WLAN fails. ... (8) mschap: --> --nt-response=9afa807de748f4cdfb1dcd7414d6ba3a9d5a787c18b448ad (8) mschap: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
Which seems pretty straightforward.
I think the problem comes from the "Mschap:User-Name" variable which holds the full username, i.e. "tstather@mpimf-heidelberg.mpg.de"
How can i change the configuration so that the username is the username without our realm, in this case "tstather"?
Don't. Fix it so that FreeRADIUS gets the passwords from LDAP. It will be simpler, faster, and easier to maintain. Alan DeKok.