FreeRadius - Wifi - Active directory (Eap-Peap-MSCHAP)

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri May 6 13:49:28 CEST 2016


Hi,

> rad_recv: Access-Request packet from host 10.2.103.17 port 59985, id=177, length=173
>         User-Name = "galaxy\\test"

yes, thats how windows will send a userid by default - the logged in user most likely....
it will be their windows username/password - which might be different to their AD one
(eg own device)

if you want to authenticate such requests then you need to 1) ensure password is correct
2) deal with the username - eg using the required mschap and with_ntdomain_hack  etc
and ensuring the the DOMAIN part is dealt wiht in proxy.conf as a local domain....and
finally this stuff will all go through the EAP layer - so, by default, through inner-tunnel
virtual server so ensure that is correctly configured  

alan


More information about the Freeradius-Users mailing list