MSCHAPv2 Module with Stripped-Username - no ActiveDirectory
Markus Maurer
lists at v-net.tk
Sun Nov 11 16:57:08 CET 2018
The problem is that the user is stored in database as following: <username> <password>
And the request comes with <username>:<otp> <password>.
So I have to strip the username to verify against the database. I just need something to use eap mschapv2 with a stripped-username or a an external program like ntlm_auth without AD binding which could be executed in the eap module
> Am 11.11.2018 um 16:16 schrieb Alan DeKok <aland at deployingradius.com>:
>
>> On Nov 10, 2018, at 3:28 PM, Markus Maurer <lists at v-net.tk> wrote:
>>
>> Yes, but its not possible using pap in my case anyway..:/
>
> Then you're pretty much stuck.
>
>> Cause linotp just verifys the otp over rlm_perl and it hasnt stored the password of the user in its database, so the second step is to verify only the user ft. password against the sql database.
>>
>> Do you have any idea how to setup something like this?
>
> The server already gets passwords from SQL and authenticates the user. This is in the default config, and fairly well documented. What, exactly, are you looking for?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list