On Nov 9, 2017, at 3:45 PM, Gary Gwin <garygwin@gmail.com> wrote:
Perhaps you could explain why you think you need to see the NT hash.
I'm enlightened and don't think I need it anymore ;-)
Good.
Here's pseudocode for my Python authorize method for the inner-tunnel:
def authorize(RAD_REQUEST): nt_hash = get_user_nt_hash(user_name) config = ( ('NT-Password', nt_hash), ('Auth-Type', ':=', 'MS-CHAP'), )
Don't do that. Set the NT password. Don't set Auth-Type. The server can figure it out.
Which is working, the user authenticates, but I see this error:
(8) Found Auth-Type = MS-CHAP (8) Found Auth-Type = eap (8) ERROR: Warning: Found 2 auth-types on request for user 'testing'
That doesn't seem to cause a problem, but is there something that should be done to suppress the error?
Don't create the bad configuration which results in the error. Alan DeKok.