In your smb.conf you configured the variable "ntlm auth = mschapv2-and-ntlmv2-only" or "ntlm auth = yes". Via kerberos is more secure than ntlm. On Wed, Jul 4, 2018 at 7:18 PM Alan Buxey <alan.buxey@gmail.com> wrote:
you're using mschap:User-Name in the ntlm_auth - which will be the value provided by the client - rather than the value which is handled in logic, change that to Stripped-User-Name and it will be the stripped value you want.
alan
On 4 July 2018 at 16:44, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 4, 2018, at 4:29 AM, Benjamin DUPALUT <benjamin.dupalut@esiee.fr> wrote:
Thank you for your answer.
Now i got an other issue :
#radtest user@esiee.fr password localhost 0 testing123
#freeradius -X ... *(0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=lan.esiee.fr <http://lan.esiee.fr> --username=%{mschap:User-Name} --password=%{User-Password}:(0) ntlm_auth: EXPAND --username=%{mschap:User-Name}(0) ntlm_auth: --> --username=user@esiee.fr <user@esiee.fr>(0) ntlm_auth: EXPAND --password=%{User-Password}(0) ntlm_auth: --> --password=password(0)
You are not following the instructions on the web page.
You've added a "(0)" after the string expansions. Why?
e.g. --password=%{User-Password}(0)
What's that? Why are you going out of your way to do things which the instructions say not to do?
Please follow the instructions. If you do that, you WILL get it working.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Elias Pereira