Another LDAP/MSCHAPv2 problem

Phil Mayers p.mayers at imperial.ac.uk
Thu Feb 9 18:02:07 CET 2012


On 09/02/12 16:49, Francois Gaudreault wrote:
> On 12-02-09 11:41 AM, Alan Buxey wrote:
>> hmm, with nt_domain_hack = yes and --username=%{%{mschap:User-Name}
>> used for the auth attempt, things should work
>
> By saying "--username=%{mshcap:user-name}" you refer to the ntlm_auth
> line in the mschap module right? However, we are not using AD, we are
> using LDAP populating the NT-Password field, we don't need this
> ntlm_auth line in the mschap module do we? Like I said, it's working
> well with user authentication.
>

Can you share the unobfuscated values for an attempt? The MS-CHAP 
challenge/response, NT-Password and User-Name? I've got a little script 
that performs blob generation and validation, and I can see if it's 
using name$ or host/name.domain as the challenge mix-in.
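
Added example, not part of the original message and not the script it mentions: a Go sketch of the RFC 2759 NT-Response computation, run against several candidate name forms to find which one was mixed into the challenge hash. The function names and the candidate list are assumptions made for illustration; the sample values are the RFC 2759 section 9.2 test vectors.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// desKey spreads 7 key bytes over 8, seven bits per byte; parity bits stay 0.
func desKey(k []byte) []byte {
	acc, out := uint64(0), make([]byte, 8)
	for _, b := range k {
		acc = acc<<8 | uint64(b)
	}
	for i := range out {
		out[i] = byte(acc>>(49-7*uint(i))&0x7f) << 1
	}
	return out
}

// NTResponse is RFC 2759 GenerateNTResponse; userName is hashed into the challenge.
func NTResponse(authChal, peerChal []byte, userName string, ntHash []byte) []byte {
	sum := sha1.Sum(bytes.Join([][]byte{peerChal, authChal, []byte(userName)}, nil))
	key := append(append([]byte{}, ntHash...), 0, 0, 0, 0, 0) // 16-byte hash padded to 3 x 7
	resp := make([]byte, 24)
	for i := 0; i < 3; i++ {
		c, _ := des.NewCipher(desKey(key[7*i : 7*i+7])) // key is always 8 bytes
		c.Encrypt(resp[8*i:8*i+8], sum[:8])
	}
	return resp
}

// WhichName returns the candidate name that reproduces resp, or "" if none does.
func WhichName(authChal, peerChal, ntHash, resp []byte, names []string) string {
	for _, n := range names {
		if bytes.Equal(NTResponse(authChal, peerChal, n, ntHash), resp) {
			return n
		}
	}
	return ""
}

func main() {
	x := func(s string) []byte { b, _ := hex.DecodeString(s); return b }
	ac, pc := x("5B5D7C7D7B3F2F3E3C2C602132262628"), x("21402324255E262A28295F2B3A337C7E") // RFC 2759 9.2
	nt, resp := x("44EBBA8D5312B8D611474411F56989AE"), x("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
	fmt.Println(WhichName(ac, pc, nt, resp, []string{"user$", "host/user.example.org", "User"})) // constructed names
}
```

An empty result means none of the candidate forms, combined with the stored NT hash, reproduces the response, so either the name form or the hash is not what the client used.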


