mschap problem
Paolo Barbato
paolo.barbato at igi.cnr.it
Thu Oct 22 10:35:06 CEST 2009
I've configured freeradius to authenticate local users with our AD.
When I use the simple username "barbato" it works perfectly, but if I use barbato at igi.cnr.it
it fails.
From the log it seems that the realm/domain part after @ is not stripped:
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for barbato at igi.cnr.it with NT-Password
[mschap] expand: --username=%{mschap:User-Name} -> --username=barbato at igi.cnr.it
[mschap] mschap2: b9
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4e0cb755e2e70d10
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1
Exec-Program output: Logon failure (0xc000006d)
I use this line for radius.conf:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
and in proxy.conf:
realm igi.cnr.it {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    strip
}
Regards,
Paolo.
------------------------------------------------------------------------------------------------
Paolo Barbato email: mailto:paolo.barbato at igi.cnr.it
Network Administrator phone: (39-049)-829-5097
(39-049)-829-5000
Corso Stati Uniti,4 www: http://www.igi.cnr.it
35127 Camin-Padova PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY JabberID: rfx_paolo_barbato at messenger.efda.org
------------------------------------------------------------------------------------------------
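
An added illustration, not part of the original post and not FreeRADIUS code: a Python model of the realm split the poster expects from `strip`, and of the ntlm_auth argument list with and without it. The function names, the last-"@" / first-backslash rule and the sample challenge and response values are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional

NTLM_AUTH = "/usr/bin/ntlm_auth"  # path as given in the post


class Identity(NamedTuple):
    user: str
    realm: Optional[str]


def split_realm(user_name: str) -> Identity:
    """Split DOMAIN\\user or user@realm; anything else has no realm.

    Assumption: prefix domain ends at the first backslash, suffix realm
    starts after the last '@'. Empty halves are treated as "no realm".
    """
    domain, sep, user = user_name.partition("\\")
    if sep and domain and user:
        return Identity(user, domain)
    user, sep, realm = user_name.rpartition("@")
    if sep and user and realm:
        return Identity(user, realm)
    return Identity(user_name, None)


def _hex(value: str, nbytes: int, what: str) -> str:
    # MS-CHAPv2 passes an 8-byte challenge and a 24-byte NT-Response.
    if not re.fullmatch(r"[0-9a-fA-F]{%d}" % (2 * nbytes), value):
        raise ValueError(f"{what} must be {nbytes} bytes of hex")
    return value.lower()


def ntlm_auth_argv(user_name: str, challenge: str, nt_response: str,
                   strip: bool = True) -> List[str]:
    """Build the ntlm_auth argument list (list form, never a shell string)."""
    name = split_realm(user_name).user if strip else user_name
    if not name or any(c in name for c in "\0\r\n"):
        raise ValueError("unsafe user name")
    return [
        NTLM_AUTH, "--request-nt-key",
        f"--username={name}",
        f"--challenge={_hex(challenge, 8, 'challenge')}",
        f"--nt-response={_hex(nt_response, 24, 'nt-response')}",
    ]
```

With `strip=False` the `--username=` argument carries the full name including the realm, which is the form shown in the debug log above.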