MS 8021.x PEAP failing

Alan Buxey A.L.M.Buxey at
Thu Aug 20 21:13:31 CEST 2009


> If in my PEAP conf I uncheck "Automatically use my Windows logon name
> and password" and enter my username/password manually - I auth fine.
> I've been playing around with conf/module files trying to strip the
> DOMAIN out of my login request - but no luck!

this pretty muhc works out of the box... you just need to ensure
that in your mschap module you have

with_ntdomain_hack = yes

and the ntlm_auth line needs to look like

/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}

(if using eg AD)

this should happily deal with the 'windows logon' issue


More information about the Freeradius-Users mailing list