Authenticating agains AD issues
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 28 17:43:37 CEST 2010
On 28/10/10 16:22, Johnson, Neil M wrote:
> Yes, I did.
Ah. However, the debug output says:
>
> [mschap] expand: %{Stripped-User-Name} ->
> [mschap] ... expanding second conditional
> [mschap] WARNING: Deprecated conditional expansion ":-". See "man
> unlang" for details
> [mschap] expand: %{User-Name:-None} -> IOWA\nmjoo
> [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
> -> --username=IOWA\nmjoo
i.e. the username still contains a "DOMAIN\". You need to change the
"ntlm_auth" command in /etc/raddb/modules/mschap to have:
ntlm_auth = "... --username=%{mschap:User-Name} ..."
More information about the Freeradius-Users
mailing list