Machine auth fails but user auth works
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue Dec 8 19:54:17 CET 2015
Hi,
> I see one difference between my machine auth and user auth cases:
yep
> (18) mschap : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> (18) mschap : --> --username=dxu
> (18) ERROR: mschap : No NT-Domain was found in the User-Name
> (18) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA}
> (18) mschap : --> --domain=CFS.UOGUELPH.CA
no NT-Domain found so its using your provided value in the config
> (19) mschap : EXPAND --username=%{%{mschap:User-Name}:-00}
> (19) mschap : --> --username=CCS-252$
> (19) mschap : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> (19) mschap : --> --username=host/CCS-252.cfs.uoguelph.ca
> (19) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA}
> (19) mschap : --> --domain=cfs
NT-domain provided by client....so its using that....and not your provided realm.
so, if you want it to work, ignore the NT-domain provided by the client (here, we dont have the
-domain=%{%{mschap:NT-Domain}.... part at all in the ntlm_auth line... it all hits the configured
realm in samba that ntlm_auth/winbind uses
alan
More information about the Freeradius-Users
mailing list