Freeradius 3 and empty password from authorization

chose chose at ajetaci.cz
Mon Apr 23 10:22:28 CEST 2018


   Good morning,
   I couldn't authorize over my radius, when I run it with debug, I see 
that user password is empty:

(23) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key 
--domain=domain.tld --username=%{Stripped-User-Name} 
--password=%{User-Password}:
(23) ntlm_auth: EXPAND --username=%{Stripped-User-Name}
(23) ntlm_auth:    --> --username=user
(23) ntlm_auth: EXPAND --password=%{User-Password}
(23) ntlm_auth:    --> --password=
(23) ntlm_auth: ERROR: Program returned code (1) and output 
'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)'
(23)       [ntlm_auth] = reject
(23)     } # if (&User-Name =~ /@domain.tld/ || &User-Name =~ 
/@domain.tld/)  = reject
(23)   } # authorize = reject
(23) Invalid user (ntlm_auth: Program returned code (1) and output 
'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)'): [user] (from 
client controler2 port 13 cli 86-e8-4f-43-5c-9b)
(23) Using Post-Auth-Type Reject

   User is not empty.
   When I try to authorize ntlm_auth from bash, all is OK (NT_STATUS_OK: 
Success (0x0))

   What did I missed ?
   Thanks and best regards
   J.Karliak


-- 
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s
dorucenim emailu, zacnete pouzivat metody overeni puvody emailu
zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and implementation of the DMARC. If you've problem with sending
emails to me, start using email origin methods mentioned above. Thank
you.


More information about the Freeradius-Users mailing list