Hi all, Thanks a lot for your help. *@Alan Dekok :*
You are not following the instructions on the web page.
You've added a "(0)" after the string expansions. Why?
e.g. --password=%{User-Password}(0)
What's that? Why are you going out of your way to do things which the instructions say not to do?
Please follow the instructions. If you do that, you WILL get it working.
I didn't added the "(0)" expression. I think when you copy/paste my freeradius -X output, the sequence number "(0)" move form the beginning of one line the the end of another. *@ Alan Buxey :*
you're using mschap:User-Name in the ntlm_auth - which will be the value provided by the client - rather than the value which is handled in logic, change that to " and it will be the stripped value you want.
I changed to "Stripped-User-Name" and it works now !! *ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=lan.esiee.fr <http://lan.esiee.fr> --username=%{Stripped-User-Name} --password=%{User-Password}:ntlm_auth: EXPAND --username=%{Stripped-User-Name}ntlm_auth: --> --username=userntlm_auth: EXPAND --password=%{User-Password}ntlm_auth: --> --password=passwordntlm_auth: Program returned code (0) and output 'NT_STATUS_OK: Success (0x0)'ntlm_auth: Program executed successfully [ntlm_auth] = ok } # authenticate = ok**@ Elias Pereira* * :* *In your smb.conf you configured the variable "ntlm auth = mschapv2-and-ntlmv2-only" or "ntlm auth = yes". Via kerberos is more secure than ntlm.* Exact, on my PDC i got the "ntlm auth = yes" on the smb.conf. Can you, please, recommend some documentations about kerberos method ? Regards, *Benjamin Dupalut* Administrateur système et réseau Service des Moyens Informatiques Généraux (SMIG) ESIEE Paris 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex T : +33 1 45 92 66 17 benjamin.dupalut@esiee.fr www.esiee.fr / www.cci-paris-idf.fr Le jeu. 5 juil. 2018 à 04:21, Elias Pereira <empbilly@gmail.com> a écrit :
In your smb.conf you configured the variable "ntlm auth = mschapv2-and-ntlmv2-only" or "ntlm auth = yes".
Via kerberos is more secure than ntlm.
On Wed, Jul 4, 2018 at 7:18 PM Alan Buxey <alan.buxey@gmail.com> wrote:
you're using mschap:User-Name in the ntlm_auth - which will be the value provided by the client - rather than the value which is handled in logic, change that to Stripped-User-Name and it will be the stripped value you want.
alan
On 4 July 2018 at 16:44, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 4, 2018, at 4:29 AM, Benjamin DUPALUT < benjamin.dupalut@esiee.fr> wrote:
Thank you for your answer.
Now i got an other issue :
#radtest user@esiee.fr password localhost 0 testing123
#freeradius -X ... *(0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=lan.esiee.fr <http://lan.esiee.fr> --username=%{mschap:User-Name} --password=%{User-Password}:(0) ntlm_auth: EXPAND --username=%{mschap:User-Name}(0) ntlm_auth: --> --username=user@esiee.fr <user@esiee.fr>(0) ntlm_auth: EXPAND --password=%{User-Password}(0) ntlm_auth: --> --password=password(0)
You are not following the instructions on the web page.
You've added a "(0)" after the string expansions. Why?
e.g. --password=%{User-Password}(0)
What's that? Why are you going out of your way to do things which the instructions say not to do?
Please follow the instructions. If you do that, you WILL get it working.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Elias Pereira - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html