Question about nt-domain.

tnt at kalik.co.yu tnt at kalik.co.yu
Fri Dec 14 10:59:48 CET 2007 

Uncomment ntdomain in authorize section. And proxy ntdomain to LOCAL.

Ivan Kalik
Kalik Informatika ISP

Dana 14/12/2007, "Hangjun He" <elmerhe at yahoo.com.cn> piše:

>Hi,
>    FreeRADIUS 1.1.6.
>  Use users file as user store. When I use username/password, It can work.
>  When I user username/password/domain, It not work.
>  I try to set preprocess module with_ntdomain_hack = yes. I get "rlm_eap: Identity does not match User-Name, setting from EAP Identity."
>  I try to add with_ntdomain_hack = yes in mschap module, It does not work.
>
>  Ready to process requests.
>rad_recv: Access-Request packet from host 10.155.20.84:1030, id=1, length=166
>        User-Name = "HH\\hhe123"
>        NAS-IP-Address = 10.155.20.84
>        NAS-Identifier = "AH-000030"
>        NAS-Port = 0
>        Called-Station-Id = "00-19-77-00-00-34:hhe"
>        Calling-Station-Id = "00-19-E0-80-A5-5A"
>        Framed-MTU = 1500
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = "CONNECT 11Mbps 802.11b"
>        EAP-Message = 0x0224000e0148485c686865313233
>        Message-Authenticator = 0xe02bcaa4c6065250f6dcd3ccd60386f6
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "hhe123", looking up realm NULL
>    rlm_realm: Found realm "NULL"
>    rlm_realm: Proxying request from user hhe123 to realm NULL
>    rlm_realm: Adding Realm = "NULL"
>    rlm_realm: Authentication realm is LOCAL.
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: EAP packet type response id 36 length 14
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry hhe123 at line 95
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>  rlm_eap: Failed in handler
>  modcall[authenticate]: module "eap" returns invalid for request 0
>modcall: leaving group authenticate (returns invalid) for request 0
>auth: Failed to validate the user.
>Sending Access-Reject of id 1 to 10.155.20.84 port 1030
>        Reply-Message = "Hello"
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>
>
>  John
>
>
>---------------------------------
>ĚěÉúšşÎďżńŁŹżńÇŔšşÎďČŻŁŹÄăťšľČʲôŁĄ
>

More information about the Freeradius-Users mailing list