Machine auth fails but user auth works

A.L.M.Buxey at lboro.ac.uk
Wed Dec 9 00:40:16 CET 2015


Hi,

> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" 
> 
> If I understand correctly from other posts, if the client specifies a domain name, it will use that domain name regardless of the ntlm_auth configuration?

no.


--domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} 

this means: set domain to be the value of NT-Domain from MSCHAP... and if no such value
exists (as provided by the client), then set it to be CFS.UOGUELPH.CA instead. the docs
are clear on how this works.

> As far as the client side, it is configured with cfs.uoguelph.ca domain, I am sure why it would use domain cfs. Are there any other places to check for the domain being used by machine auth? 

no. it's Windows, and Windows does weird and interesting things regarding domains... it probably knows that it's in
uoguelph.ca and so is removing that part. anyway, just remove the option.

alan
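
The fallback expansion described in the reply above, as an added example that is not part of the original message or of FreeRADIUS itself: a minimal Python evaluator for the `%{%{Attr}:-fallback}` form, run over the `--domain` and nested `--username` arguments from the quoted `ntlm_auth` line. The request attribute values are constructed, and treating an empty value the same as a missing attribute is an assumption.

```python
# Added example: minimal evaluator for FreeRADIUS-style "%{%{Attr}:-fallback}".
# Assumption: a missing attribute and an empty value both select the fallback.

DOMAIN_OPT = "--domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA}"
USERNAME_OPT = "--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}"


def _group(s, i, attrs):
    """Expand one group; i points just past its opening '%{'."""
    if s.startswith("%{", i):                 # %{ %{first} :- fallback }
        first, i = _group(s, i + 2, attrs)
        if not s.startswith(":-", i):
            raise ValueError("expected ':-' at offset %d" % i)
        fallback, i = _text(s, i + 2, attrs, stop="}")
        return (first or fallback), i + 1     # skip the closing '}'
    end = s.index("}", i)                     # plain %{Attribute-Name}
    return attrs.get(s[i:end], ""), end + 1


def _text(s, i, attrs, stop=None):
    """Expand literal text and nested groups until `stop` (or end of string)."""
    out = []
    while i < len(s) and s[i] != stop:
        if s.startswith("%{", i):
            value, i = _group(s, i + 2, attrs)
        else:
            value, i = s[i], i + 1
        out.append(value)
    if stop is not None and i >= len(s):
        raise ValueError("unterminated expansion")
    return "".join(out), i


def expand(template, attrs):
    """Return template with every %{...} group resolved against attrs."""
    return _text(template, 0, attrs)[0]


if __name__ == "__main__":
    # Constructed requests: one where the client supplied a domain, one where it did not.
    machine = {"mschap:NT-Domain": "cfs", "User-Name": "host/pc1.cfs.uoguelph.ca"}
    plain = {"User-Name": "alice"}
    for name, attrs in (("with NT-Domain", machine), ("without", plain)):
        print(name, "->", expand(DOMAIN_OPT, attrs), expand(USERNAME_OPT, attrs))
```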


More information about the Freeradius-Users mailing list