mschap problem

Paolo Barbato paolo.barbato at igi.cnr.it
Thu Oct 22 11:34:17 CEST 2009 

Found!

I've updated from 2.1.1 to 2.1.7 and with Stripped-User-Name now  
everithing is right.


On 22/ott/2009, at 11:27, Paolo Barbato wrote:

> I forgot to mention that I've used also
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=% 
> {Stripped-User-Name:-%{User-Name:-None}} --challenge=% 
> {mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
>
> but nothing changed.
>
>
> On 22/ott/2009, at 11:12, Ivan Kalik wrote:
>
>>> I've configured freeradius to authenticate local users with our AD.
>>>
>>> When I use simple username "barbato" it works perfectly, but if I  
>>> use
>>> barbato at igi.cnr.it
>>> it fails.
>>>
>>> From log it seems that it's not stripped the realm/domain part  
>>> after @:
>>>
>>> [mschapv2] +- entering group MS-CHAP {...}
>>> [mschap] Told to do MS-CHAPv2 for barbato at igi.cnr.it with NT- 
>>> Password
>>> [mschap] 	expand: --username=%{mschap:User-Name} ->
>>> --username=barbato at igi.cnr.it
>>> [mschap]  mschap2: b9
>>> [mschap] 	expand: --challenge=%{mschap:Challenge:-00} -> --
>>> challenge=4e0cb755e2e70d10
>>> [mschap] 	expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-
>>> response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1
>>> Exec-Program output: Logon failure (0xc000006d)
>>
>> Right, so you have altered the default ntlm_auth line and replaced
>> Stripped-User-Name with mschap:User-Name and now you are wondering  
>> why is
>> it not using Stripped-User-Name???
>>
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> ------------------------------------------------------------------------------------------------
> Paolo Barbato               email: mailto:paolo.barbato at igi.cnr.it
> Network Administrator   phone: (39-049)-829-5097
>                                            (39-049)-829-5000
> Corso Stati Uniti,4            www: http://www.igi.cnr.it
> 35127 Camin-Padova       PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
> ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org
> ------------------------------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

------------------------------------------------------------------------------------------------
Paolo Barbato               email: mailto:paolo.barbato at igi.cnr.it
Network Administrator   phone: (39-049)-829-5097
                                             (39-049)-829-5000
Corso Stati Uniti,4            www: http://www.igi.cnr.it
35127 Camin-Padova       PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org
------------------------------------------------------------------------------------------------

More information about the Freeradius-Users mailing list