freeRADIUS -> AD Auth (<100kb)
Herwin Weststrate
herwin at quarantainenet.nl
Wed Aug 13 18:13:42 CEST 2014
On 13-08-14 17:51, nfischer at hush.com wrote:
> Hi!
>
> Okay Im one step further.
> It now fails with:
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>
> Im not really sure what the problem is...
I see this part in the logs:
[mschap] Told to do MS-CHAPv2 for hausmeister at oblan with NT-Password
[mschap] expand: %{User-Name} -> hausmeister at oblan
[mschap] expand: --username==%{%{User-Name}:-None}} ->
--username==hausmeister at oblan}
Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user
(0xc0000064)
Active Directory can be a bit weird when trying to do authentication
with usernames where the domain is given via the postfix (@domain)
notation. Adding "--domain=%{mschap:NT-Domain}" to the params of
ntlm_auth may work (even if it gets expanded to an empty string).
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list