domain security problem
Hegedus Gabor
hegedus.gabor at euroway.hu
Wed Dec 10 12:37:15 CET 2008
tnt at kalik.net wrote:
>> here is the debug: (user-test- who is not in domain
>>
> Well, he was found in AD. And in that domain. And with correct password.
>
>
certainly,
hi is in the AD it is correct,
the problem is the domain
win send the
- DOMAIN\username if it is in domain,
- HOSTNAME\username if it is not in domain (only workgroup)
but when i set TEST(my domain) as hostname (it still not in domain), it
will send this and freeradius think it is correct.
how can I config the freeradius to reject auth, when it is not in
domain(but send domain name as hostname)
like: ntdomain or something proxy.conf modification or hack, i have
no idea what is the solution.
>> [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=TEST
>> [mschap] expand: --username=%{mschap:User-Name} -> --username=test
>> [mschap] mschap2: 10
>>
>> [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ad923676ac4c1b76 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=2b4dda1057bbf603f10d79c87e09e6203b600788c29e7ff5
>> Exec-Program output: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6
>> Exec-Program-Wait: plaintext: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6
>> Exec-Program: returned: 0
>> [mschap] adding MS-CHAPv2 MPPE keys
>> ++[mschap] returns ok
>> MSCHAP Success
>>
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list