FreeRadius 2.1.6 + EAP-PEAP issue

Anatoly Oreshkin Anatoly.Oreshkin at pnpi.spb.ru
Fri Jul 10 17:08:05 CEST 2009


Hi,

We don't use NTLM authorisation so, as I understand, the ntlm_auth method is
not suited for us.
Could you briefly outline how to rewrite User-Name ... and what files
I should modify?

Thanks.






On Thu, 9 Jul 2009 A.L.M.Buxey at lboro.ac.uk wrote:

> Date: Thu, 9 Jul 2009 11:50:07 +0100
> From: A.L.M.Buxey at lboro.ac.uk
> Reply-To: FreeRadius users mailing list
>     <freeradius-users at lists.freeradius.org>
> To: tnt at kalik.net,
>     FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
> 
> Hi,
>
>> That entry alters User-Name and shouldn't be used with EAP. It works fine
>> with plain mschap but not here.
>>
>> Enable ntdomain in inner-tunnel virtual server (just under suffix) and
>> create a local domain in proxy.conf:
>>
>> realm csd-notebook {
>> }
>
> I think his issue was that REALM could be anything random
> from the laptop - i.e. it's the machine name, not a proper
> set DOMAIN
>
> gregs-machine\blurky
> my-laptop\pinky
> test-xp-3\adminstaff3
>
>
> etc.
>
> I think, in this case you need to use either attr rewrite
> or unlang to take that value and NULL it into Stripped-User-Name
> and then use Stripped-User-Name for the authentication step
> (ntlm_auth) instead
>
> though, from last looking at it, using MSCHAP:User-Name and
> required AD domain in ntlm_auth worked pretty fine with
> no fancy rewrites or unlang.
>
> alan


