Strip off the domain part from the User-Name
Thomas Wunder
thomas.wunder at swt-bamberg.de
Fri Apr 1 12:08:22 CEST 2011
On Wednesday 30 March 2011 15:52:31 Phil Mayers wrote:
> First, there's no need to email me directly; I read the list.
I totally agree with you I just missed to exchange the recipient address (and after noticing that i also sent it to the list)... sorry!
> You *only* set:
> with_ntdomain_hack = yes
> ...in modules/mschap.
> DO NOT set it anywhere else - this basically does exactly the same thing
> you were doing earlier (rewriting the *real* username) and causes EAP to
> break.
Sorry but that didn't help either. I did -- like you suggested -- set 'with_ntdomain_hack' back to 'no' everywhere except for modules/mschap but I still get that '[...] not the same as [...]' error message.
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] Found NT-Password
[mschap] ERROR: User-Name (winmac\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2
++[mschap] returns reject
Again a full log is appended. My modules/mschap currently looks like this (i suppose that the above problems might arise from it):
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
}
Regards
Tom
More information about the Freeradius-Users
mailing list