Hi,
I'm running freeradius-2.0.5 on Linux.
My setup is as follows:
Windows Vista native client - Linksys AP - FreeRadius Linux server
(PEAP/mschapv2) - Active Directory Windows server
Everything works smoothly with the following ntlm_auth parameters in the mschap
module:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
However, user authentication is rejected when I add the --domain parameter:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D
omain} --username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
(from the Windows Vista client I obviously set the DOMAIN filed; besides, if I
run the freeradius daemon with debug enabled I see that it "correclty" reeives
'DOMAIN\username')
For starters, I don't understand why authentication fails if I add --domain.
How can I find out why?
Then, adding --require-membership-of with or without --domain also fails.
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D
omain} --username=%{Stripped-User-Name:-%{User-Name:-None}}
--require-membership-of='DOMAIN\\WIFI' --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Finally, running ntlm_auth from the command line yields:
# ntlm_auth --request-nt-key --domain=DOMAIN --username=myuser
--require-membership-of='DOMAIN\\WIFI'
password:
NT_STATUS_OK: Success (0x0)
Could it be a "bug" in the freeradius version I'm running?
Can anyone please suggest how I can debug this (not a radius expert ;-) )?
Regards,
Vieri
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
