libwbclient with PAP
Matthew Newton
mcn4 at leicester.ac.uk
Mon Oct 17 15:48:58 CEST 2016
On Mon, Oct 17, 2016 at 01:27:42PM +0000, Adam Bishop wrote:
> On 14 Oct 2016, at 15:13, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> > With 3.0, no - use ntlm_auth.
>
> All up and working - two quick question about the libwb integration:
>
> (197) mschap: ERROR: No such user [0xC0000064]
0xC0000064 is "No such user", so that is correct (this error comes
directly from Samba)
> (197) mschap: ERROR: Password has expired. User should retry authentication
That shouldn't happen.
What version / git hash?
> Is "password expired" expected when a non-existent user is submitted?
No
> (197) mschap: Creating challenge hash with username: radtest at dev.ja.net
> (197) mschap: Client is using MS-CHAPv2
> (197) mschap: EXPAND %{mschap:User-Name}
> (197) mschap: --> radtest at dev.ja.net
> (197) mschap: ERROR: No NT-Domain was found in the User-Name
>
> Do I need to be splitting the username manually here, or should it be figuring that out automatically?
I usually split manually and not rely on the %{mschap: magic. But
whatever works really. MSCHAP usernames can be weird. The magic
should work with domain\username style IIRC.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list