On 09/02/12 17:02, Phil Mayers wrote:
On 09/02/12 16:49, Francois Gaudreault wrote:
On 12-02-09 11:41 AM, Alan Buxey wrote:
hmm, with nt_domain_hack = yes and --username=%{%{mschap:User-Name} used for the auth attempt , things shoud work
By saying "--username=%{mshcap:user-name}" you refer to the ntlm_auth line in the mschap module right? However, we are not using AD, we are using LDAP populating the NT-Password field, we don't need this ntlm_auth line in the mschap module do we? Like I said, it's working well with user authentication.
Can you share the unobfuscated values for an attempt? The MS-CHAP challenge/response, NT-Password and User-Name? I've got a little script that performs blob generation and validation, and I can see if it's using name$ or host/name.domain as the challenge mix-in.
Also, maybe try this: authorize { ... update request { MS-CHAP-User-Name = "%{mschap:User-Name}" } ... } This should expand to "name$" for "host/name.domain". The mschap module will prefer MS-CHAP-User-Name as input to to challenge generation, and may work.