Machine auth fails but user auth works
Dennis Xu
dxu at uoguelph.ca
Tue Dec 8 22:42:21 CET 2015
Yes, I do hardcode the domain into the /etc/raddb/mods-available/mschap file:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
If I understand correctly from other posts, if the client specifies a domain name, it will use that domain name regardless of the ntlm_auth configuration?
As for the client side, it is configured with the cfs.uoguelph.ca domain; I am sure why it would use domain cfs. Are there any other places to check for the domain being used by machine auth?
----- Original Message -----
From: "Matthew Newton" <mcn4 at leicester.ac.uk>
To: dxu at uoguelph.ca, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, December 8, 2015 4:22:39 PM
Subject: Re: Machine auth fails but user auth works
On Tue, Dec 08, 2015 at 12:39:33PM -0500, Dennis Xu wrote:
> The EXPAND domain value from user auth is
> "domain=CFS.UOGUELPH.CA" which is correct, but it got
> "domain=cfs" in the machine auth case. I am not sure if that is
> important.
Unless you have more than one domain, I would personally just
hardcode the domain into the ntlm_auth command in the config.
I do that here. It's one less thing to go wrong.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
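
Added example, not part of the thread and not FreeRADIUS code: a simplified Python model of how the --domain argument in the posted ntlm_auth line resolves for user and machine identities, compared with a truly hardcoded value. It assumes rlm_mschap derives %{mschap:NT-Domain} from a host/ name as the first label after the hostname and from DOMAIN\user as the part before the backslash; the function names and the sample identities are constructed for illustration.

```python
# Simplified model (assumption) of how rlm_mschap expands %{mschap:NT-Domain}
# and how "%{%{mschap:NT-Domain}:-DEFAULT}" then picks the --domain value.

DEFAULT_DOMAIN = "CFS.UOGUELPH.CA"   # fallback taken from the posted ntlm_auth line


def mschap_nt_domain(user_name):
    """Return the modelled %{mschap:NT-Domain} value, or None if it expands empty."""
    if user_name.startswith("host/"):
        # Machine auth: host/<name>.<domain>... -> first label after the hostname
        fqdn = user_name[len("host/"):]
        if "." not in fqdn:
            return fqdn            # bare hostname: domain = machine name
        return fqdn.split(".")[1]
    if "\\" in user_name:
        # DOMAIN\user -> DOMAIN
        return user_name.split("\\", 1)[0]
    return None                    # plain "user": no domain in the name


def domain_arg(user_name, hardcoded=None):
    """Value ntlm_auth receives in --domain= for this User-Name."""
    if hardcoded is not None:
        return hardcoded           # literal --domain=..., no expansion at all
    # %{%{mschap:NT-Domain}:-DEFAULT}: the default applies only when empty
    return mschap_nt_domain(user_name) or DEFAULT_DOMAIN


# Constructed sample identities (not taken from the thread)
SAMPLES = ["dxu", "CFS\\dxu", "host/LAB-PC01.cfs.uoguelph.ca"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:36} fallback form -> {domain_arg(name)!r:20} "
              f"hardcoded -> {domain_arg(name, DEFAULT_DOMAIN)!r}")
```

Under this model the fallback form only supplies CFS.UOGUELPH.CA when the identity carries no domain, which is consistent with the two EXPAND values reported in the thread.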