ntlm_auth fails for none domain

John elmer_radius at yahoo.com.cn
Thu Jul 1 06:42:44 CEST 2010

We are using freeRADIUS talk to multiple ADs integration.  I updated my freeRADIUS from 1.1.6 to 2.1.9 recently. 
"xjtu" is our default domain, for users under this domain will only use username to authenticate to RADIUS. With 1.1.6, it will get "xjtu" as domain; But with 2.1.9, it will not, please see the debug info below.
It is the related part in configuration file:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain:-xjtu} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
It is debug info: 
[mschap] Told to do MS-CHAPv2 for hhe with NT-Password
[mschap] No NT-Domain was found in the User-Name.
[mschap]  expand: --domain=%{mschap:NT-Domain} -> --domain=
[mschap]  expand: --username=%{mschap:User-Name:-None} -> --username=hhe
[mschap]  mschap2: a6
[mschap]  expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ddca17e9bfdaf05a
[mschap]  expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=741e305efc7bce1071682eee0b3c37142b184b9544242304

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100701/d99e0cda/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mschap
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100701/d99e0cda/attachment.ksh>

More information about the Freeradius-Users mailing list