mschap problem
Paolo Barbato
paolo.barbato at igi.cnr.it
Thu Oct 22 11:27:12 CEST 2009
I forgot to mention that I've used also
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-
User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --
nt-response=%{mschap:NT-Response:-00}"
but nothing changed.
On 22/ott/2009, at 11:12, Ivan Kalik wrote:
>> I've configured freeradius to authenticate local users with our AD.
>>
>> When I use simple username "barbato" it works perfectly, but if I use
>> barbato at igi.cnr.it
>> it fails.
>>
>> From log it seems that it's not stripped the realm/domain part
>> after @:
>>
>> [mschapv2] +- entering group MS-CHAP {...}
>> [mschap] Told to do MS-CHAPv2 for barbato at igi.cnr.it with NT-Password
>> [mschap] expand: --username=%{mschap:User-Name} ->
>> --username=barbato at igi.cnr.it
>> [mschap] mschap2: b9
>> [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --
>> challenge=4e0cb755e2e70d10
>> [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-
>> response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1
>> Exec-Program output: Logon failure (0xc000006d)
>
> Right, so you have altered the default ntlm_auth line and replaced
> Stripped-User-Name with mschap:User-Name and now you are wondering
> why is
> it not using Stripped-User-Name???
>
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------------------------------
Paolo Barbato email: mailto:paolo.barbato at igi.cnr.it
Network Administrator phone: (39-049)-829-5097
(39-049)-829-5000
Corso Stati Uniti,4 www: http://www.igi.cnr.it
35127 Camin-Padova PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY JabberID: rfx_paolo_barbato at messenger.efda.org
------------------------------------------------------------------------------------------------
More information about the Freeradius-Users
mailing list