MSCHAP Machine/User Authentication with Windows

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Mon May 11 10:41:32 CEST 2015


>>> (8) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-TESTDOMAIN}
>>> (8) mschap :    --> --domain=in
[snip]
> Username = testuser
> Domain = testdomain
[snip]
> I believe that debug is of an attempted machine authentication, which would
> explain 'host/machine name' (ie host/win81-ops.in.testdomain).

Ok, then see my quote above... mschap believes that your domain is 'in'. You might want to adjust the ntlm_auth command-line to hardcode the domain name in, or you can use unlang to set the NT-Domain attribute to 'testdomain'. :-)

That should make it happ(y|ier).

Additionally, Ben's posted a bunch of settings that might be useful in Windows. His dialogs are in German, although that should not really be an issue. 

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk
 
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150511/213953b2/attachment.sig>


More information about the Freeradius-Users mailing list