Change username for MSCHAPv2
Gabriele Verzeletti
gabriele at verzeletti.org
Mon Jul 3 16:26:33 CEST 2017
Ok, changes made and it works now
I have
authorize {
update request {
Stripped-User-Name := `/usr/local/bin/radius-username
'%{User-Name}'`
}
That convert my username into the correct form for my environment, and
restored the ntlm_auth as in default:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}
Works like a charm
Thank you a lot
On 07/03/2017 02:36 PM, Alan DeKok wrote:
>> On Jul 3, 2017, at 8:28 AM, Gabriele Verzeletti <gabriele at verzeletti.org> wrote:
>>
>> Using Stripped-User-Name was one of my first try.
>> I got this error
> Did you try using the default configuration for the mschap module? Which has Stripped-User-Name in it? And which works?
>
>> eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
>> (8) eap_mschapv2: Auth-Type MS-CHAP {
>> (8) mschap: Creating challenge hash with username: /user/@/domain.com/
>> (8) mschap: Client is using MS-CHAPv2
>> (8) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:Stripped-User-Name}:-None} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
>> (8) mschap: ERROR: Unknown expansion string 'Stripped-User-Name' <--------------------------- UNKNOWN !!!!!
> Yes... the default configuration has %{Stripped-User-Name}. Not %{mschap:Stripped-User-Name}.
>
> Why did you edit the default configuration and break it?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list