Thanks Alan,
The double ‘==’ in the ntlm_auth command was the culprit. Things are working today.
p.s. I had already stripped the usernames and verified the password so that was fine.
Iain Grant
Linux System Administrator
Scottish Crop Research Institute
Date: Wed, 17 Mar 2010 17:23:37 +0000
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk>
Subject: Re: Talking to Windows 2003 AD
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: <20100317172337.GA16756@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
> Now when I go to the next step and enable this in /etc/raddb/modules/mschap
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username==%{%{Stripped-User-Name}:-%{User-Name:-None}} --domain=%{%{mschap:NT-Domain}:-OURDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
radiusd -X
and show us at least that bit where that command is called.
you have 2 == is your command. is that intentional? you are allowing usernames
that havent been sanitised or are blank (none) - is that intentional?
alan