Problem with ntlm_auth between freeradius 3.0 and Samba 4 AD

Alan Buxey alan.buxey at gmail.com
Thu Jul 5 00:16:25 CEST 2018


you're using mschap:User-Name  in the ntlm_auth - which will be the value
provided by the client - rather than the
value which is handled in logic, change that to Stripped-User-Name and it
will be the stripped value you want.

alan

On 4 July 2018 at 16:44, Alan DeKok <aland at deployingradius.com> wrote:

> On Jul 4, 2018, at 4:29 AM, Benjamin DUPALUT <benjamin.dupalut at esiee.fr>
> wrote:
> > Thank you for your answer.‚Äč
> >
> > Now i got an other issue :
> >
> > #radtest user at esiee.fr password localhost 0 testing123
> >
> > #freeradius -X
> ...
> > *(0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key
> > --domain=lan.esiee.fr <http://lan.esiee.fr>
> --username=%{mschap:User-Name}
> > --password=%{User-Password}:(0) ntlm_auth: EXPAND
> > --username=%{mschap:User-Name}(0) ntlm_auth:    -->
> > --username=user at esiee.fr <user at esiee.fr>(0) ntlm_auth: EXPAND
> > --password=%{User-Password}(0) ntlm_auth:    --> --password=password(0)
>
>   You are not following the instructions on the web page.
>
>   You've added a "(0)" after the string expansions.  Why?
>
>   e.g. --password=%{User-Password}(0)
>
>   What's that?  Why are you going out of your way to do things which the
> instructions say not to do?
>
>   Please follow the instructions.  If you do that, you WILL get it working.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>


More information about the Freeradius-Users mailing list