free radius ntlm_auth problem

Alan DeKok aland at
Sat Oct 7 01:03:33 CEST 2006

Andris wrote:
> Usernames without whitespaces authorize succesfully. When
> run ntlm_auth manal and write usernames like 'user 1' than work. And
> i want put a NT group requirment too like a 'Domain Users' ntlm_auth
> string is:
>        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"

  Try using: ntlm_auth = '...', i.e. use single quotes rather than
double quotes.  The issue appears to be that the User-Name string is
expanded *before* the 'exec program' code is being called.

  That means the splitting of the program arguments by spaces is
hitting the space in the username.  What *should* happen is that
entire string gets sent to the 'exec program' code, which splits the
string by spaces, and *then* expands User-Name.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list