freeradius and AD auth with option require-membership-of

Stefan Paetow Stefan.Paetow at
Thu Sep 11 01:18:05 CEST 2014

What's the complete command-line you have in the mschap module?

Also, is the ntlm_auth location you specified in the mschap module the same as the one you get when you type "which ntlm_auth" on the command-line?


From: at [ at] on behalf of Попов Александр [pop5s at]
Sent: 10 September 2014 18:18
To: freeradius-users
Subject: Re[2]: freeradius and AD auth with option require-membership-of

But why is the console command (ntlm_auth --request-nt-key --username=test2 --require-membership-of='s-1-5-21-241991751-2423211274-3836920987-1626') is executed without problems?

Попов Александр wrote:
> Ubuntu 14.04, freeradius 2.1.12+dfsg-1.1ubuntu0.1

  Upgrade to 2.2.5.

> When I add in mschap this option in debug I see:
> Could not parse s-1-5-21-241991751-2423211274-3836920987-1626 into
> separate domain/name parts!
> *** Error in `/usr/bin/ntlm_auth': free(): invalid pointer:
> 0x00007f13562b9e9c ***
> Exec-Program output: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r (0xc000000d)
> Exec-Program-Wait: plaintext: ?▒t?▒r▒▒▒<???▒▒▒▒1▒?▒▒I?|$?H?▒??j▒▒▒▒▒r

  It looks like the ntlm_auth program is buggy. Fix that.

  This isn't a FreeRADIUS issue.

  Alan DeKok.

С уважением,
Попов Александр
pop5s at

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

More information about the Freeradius-Users mailing list