Hi, I'm running freeradius-2.0.5 on Linux.
My setup is as follows: Windows Vista native client - Linksys AP - FreeRadius Linux server (PEAP/mschapv2) - Active Directory Windows server Everything works smoothly with the following ntlm_auth parameters in the mschap module: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" However, user authentication is rejected when I add the --domain parameter: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D omain} --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" (from the Windows Vista client I obviously set the DOMAIN filed; besides, if I run the freeradius daemon with debug enabled I see that it "correclty" reeives 'DOMAIN\username') For starters, I don't understand why authentication fails if I add --domain. How can I find out why? Then, adding --require-membership-of with or without --domain also fails. ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D omain} --username=%{Stripped-User-Name:-%{User-Name:-None}} --require-membership-of='DOMAIN\\WIFI' --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Finally, running ntlm_auth from the command line yields: # ntlm_auth --request-nt-key --domain=DOMAIN --username=myuser --require-membership-of='DOMAIN\\WIFI' password: NT_STATUS_OK: Success (0x0) Could it be a "bug" in the freeradius version I'm running? Can anyone please suggest how I can debug this (not a radius expert ;-) )? Regards, Vieri - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html