freeRADIUS -> AD Auth (<100kb)

Herwin Weststrate herwin at quarantainenet.nl
Wed Aug 13 18:13:42 CEST 2014


On 13-08-14 17:51, nfischer at hush.com wrote:
> Hi!
> 
> Okay, I'm one step further.
> It now fails with:
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> 
> I'm not really sure what the problem is...

I see this part in the logs:

  [mschap] Told to do MS-CHAPv2 for hausmeister at oblan with NT-Password
  [mschap]        expand: %{User-Name} -> hausmeister at oblan
  [mschap]        expand: --username==%{%{User-Name}:-None}} ->
  --username==hausmeister at oblan}
  Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user
  (0xc0000064)

Active Directory can be a bit weird when trying to do authentication
with usernames where the domain is given via the postfix (@domain)
notation. Adding "--domain=%{mschap:NT-Domain}" to the params of
ntlm_auth may work (even if it gets expanded to an empty string).

-- 
Herwin Weststrate
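
Added example, not part of the original message and not FreeRADIUS code: a small checker that reads `radiusd -X` debug output and flags what the excerpt above shows in the expanded ntlm_auth options, including a user@realm name passed with no `--domain` option. The names `expansions` and `check_ntlm_args` are hypothetical, the sample log is constructed, and it assumes one option per `expand:` line as in the quoted log.

```python
import re

# Constructed radiusd -X excerpt modelled on the log quoted above; the user
# and realm are placeholders, and the line wrapped after "->" stays wrapped.
SAMPLE_DEBUG = """\
[mschap]        expand: %{User-Name} -> alice@example
[mschap]        expand: --username==%{%{User-Name}:-None}} ->
--username==alice@example}
Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user
"""

EXPAND = re.compile(r"expand:\s*(?P<tmpl>.+?)\s*->\s*(?P<value>.*)")


def expansions(debug_text):
    """Yield (template, expanded) pairs, rejoining values wrapped onto the next line."""
    lines = debug_text.splitlines()
    i = 0
    while i < len(lines):
        m = EXPAND.search(lines[i])
        if m:
            value = m.group("value").strip()
            if not value and i + 1 < len(lines):
                i += 1  # expansion was wrapped: the value is on the next line
                value = lines[i].strip()
            yield m.group("tmpl"), value
        i += 1


def check_ntlm_args(debug_text):
    """Return (option, finding) pairs for expanded ntlm_auth options in debug output."""
    args = [v for _, v in expansions(debug_text) if v.startswith("--")]
    has_domain = any(a.startswith("--domain=") for a in args)
    findings = []
    for arg in args:
        name, _, value = arg.partition("=")
        if value.startswith("="):
            findings.append((name, "double-equals"))
        if value.count("}") > value.count("{"):
            findings.append((name, "stray-brace"))
        if name == "--username" and "@" in value and not has_domain:
            findings.append((name, "realm-without-domain"))
    return findings


if __name__ == "__main__":
    for option, finding in check_ntlm_args(SAMPLE_DEBUG):
        print(f"{option}: {finding}")
```

An expansion that includes `--domain=` with an empty value counts as the option being present, matching the suggestion in the message.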