winbind / ntlm_auth funny
Alex Sharaz
alex.sharaz at york.ac.uk
Thu Jan 18 11:57:12 CET 2018
of course it helps if you READ THE WIKI PAGE YOU WROTE WHEN YOU TESTED IT
MONTHS AGO instead of assuming you remembered what to do
In proxy.conf ... comment out nostrip .... and it just worked
Sigh!
old age ... dememtia ,.... :-(
A
On 18 January 2018 at 10:52, Matthew Newton <mcn at freeradius.org> wrote:
> On Thu, 2018-01-18 at 10:47 +0000, Alex Sharaz via Freeradius-Users
> wrote:
> > I've been using winbindd for a long time to authenticate york users
> > .. and it "just works"
>
> Good to know.
>
> > with
> >
> > winbind_username = "%{Stripped-User-Name}"
> > winbind_domain = "HYMS.AC.UK"
> >
> > plus a few other bits to get inner-tunnel to call mschap_hyms as
> > appropriate
>
> OK.
>
> > ntlm_auth --username=eduroamtest2 --domain=HYMS.AC.UK
> >
> > and get the same no such user message
> >
> > However, try
> > ntlm_auth --username=\eduroamtest2 --domain=HYMS.AC.UK
> >
> > and get a success after entering a password.
>
> That's... weird.
>
> > Thought I'd go back to using ntlm_auth in my FR config for HYMS
> > So how do I prefix Stripped-user-name wtih a "\" in inner-tunnel ?
>
> Use
>
> winbind_username = "\\%{Stripped-User-Name}"
>
> ?
>
> --
> Matthew
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list