Problem with ntlm_auth between freeradius 3.0 and Samba 4 AD

Elias Pereira empbilly at gmail.com
Thu Jul 5 04:20:48 CEST 2018


In your smb.conf you configured the variable "ntlm auth =
mschapv2-and-ntlmv2-only" or "ntlm auth = yes".

Via kerberos is more secure than ntlm.

On Wed, Jul 4, 2018 at 7:18 PM Alan Buxey <alan.buxey at gmail.com> wrote:

> you're using mschap:User-Name  in the ntlm_auth - which will be the value
> provided by the client - rather than the
> value which is handled in logic, change that to Stripped-User-Name and it
> will be the stripped value you want.
>
> alan
>
> On 4 July 2018 at 16:44, Alan DeKok <aland at deployingradius.com> wrote:
>
> > On Jul 4, 2018, at 4:29 AM, Benjamin DUPALUT <benjamin.dupalut at esiee.fr>
> > wrote:
> > > Thank you for your answer.‚Äč
> > >
> > > Now i got an other issue :
> > >
> > > #radtest user at esiee.fr password localhost 0 testing123
> > >
> > > #freeradius -X
> > ...
> > > *(0) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key
> > > --domain=lan.esiee.fr <http://lan.esiee.fr>
> > --username=%{mschap:User-Name}
> > > --password=%{User-Password}:(0) ntlm_auth: EXPAND
> > > --username=%{mschap:User-Name}(0) ntlm_auth:    -->
> > > --username=user at esiee.fr <user at esiee.fr>(0) ntlm_auth: EXPAND
> > > --password=%{User-Password}(0) ntlm_auth:    --> --password=password(0)
> >
> >   You are not following the instructions on the web page.
> >
> >   You've added a "(0)" after the string expansions.  Why?
> >
> >   e.g. --password=%{User-Password}(0)
> >
> >   What's that?  Why are you going out of your way to do things which the
> > instructions say not to do?
> >
> >   Please follow the instructions.  If you do that, you WILL get it
> working.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Elias Pereira


More information about the Freeradius-Users mailing list