Machine Authecitation with PEAP

King, Michael MKing at bridgew.edu
Fri Mar 10 01:07:33 CET 2006


 

> -----Original Message-----
> If it helps, this the ntlm command (which i think you have correct):
> /usr/bin/ntlm_auth --request-nt-key --username=cse-mpr$
> --challenge=4de0a9c09623ab12
> --nt-response=d4b9516b28ba1760f8d31f8ac2b257d74a2439b9e104a102
>
>  - are you passing the domain correctly? (i dont specify the domain on
> the ntlm_auth command line, whereas you have) i have the following in
> samba.conf
> 

I didn't have the ntlm_auth line correct.  I did have the domain
correct.

I had this in the radius.conf file

                ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain}
--challenge=%{msc
hap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} 


BUT, in my notes, and on my working server, I had this:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--nt-response=
%{mschap:NT-Response}"


I removed the :-00 from the NT-Response and the Challenge options, and I
also removed the --domain, since I had no idea why it was in there
either.  I think I only replaced bits and pieces of the default line in
the example config, instead of deleting the whole line and pasting in my
notes.

Thanks, it works great now!




More information about the Freeradius-Users mailing list