rlm_exec with ntlm_auth broken in 3.0.2+git??

peter.geiser at id.unibe.ch
Mon Feb 10 09:31:06 CET 2014


Is ntlm_auth with clear text password broken in FR 3.0.2+git?

Module config:
#
exec ntlm_auth {
	wait = yes
	program = "/usr/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}


Debug output:

Found Auth-Type = ntlm_auth
(0) # Executing group from file /etc/freeradius/sites-enabled/ntlm
(0)  Auth-Type ntlm_auth {
(0) ntlm_auth : Executing: /usr/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=%{mschap:User-Name} --password=%{User-Password}
(0) ntlm_auth : 	expand: "--username=%{mschap:User-Name}" -> '--username=testuser'
(0) ntlm_auth : 	expand: "--password=%{User-Password}" -> '--password=TEST1234'
(0) ERROR: ntlm_auth : Failed parsing output from: /usr/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=%{mschap:User-Name} --password=%{User-Password}: Expecting operator
(0) ERROR: ntlm_auth : Program returned code (0) and output 'NT_STATUS_OK: Success (0x0)'
(0)   [ntlm_auth] = fail
(0)  } # Auth-Type ntlm_auth = fail
(0) Failed to authenticate the user.



Authentication seems to be OK, but FR can't parse the return values.

Thanks for any feedback.

- Peter



