As with every other freeradius problem - when it doesn't work - debug (radiusd -X).
Ivan Kalik Kalik Infromatika ISP Dana 2/10/2008, "Vieri" <[EMAIL PROTECTED]> piše: >Hi, > >I'm running freeradius-2.0.5 on Linux. > >My setup is as follows: > >Windows Vista native client - Linksys AP - FreeRadius Linux server >(PEAP/mschapv2) - Active Directory Windows server > >Everything works smoothly with the following ntlm_auth parameters in the >mschap module: > >ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key >--username=%{Stripped-User-Name:-%{User-Name:-None}} >--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" > >However, user authentication is rejected when I add the --domain parameter: > >ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D >omain} --username=%{Stripped-User-Name:-%{User-Name:-None}} >--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" > >(from the Windows Vista client I obviously set the DOMAIN filed; besides, if I >run the freeradius daemon with debug enabled I see that it "correclty" reeives >'DOMAIN\username') > >For starters, I don't understand why authentication fails if I add --domain. >How can I find out why? > >Then, adding --require-membership-of with or without --domain also fails. > >ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-D >omain} --username=%{Stripped-User-Name:-%{User-Name:-None}} >--require-membership-of='DOMAIN\\WIFI' --challenge=%{mschap:Challenge:-00} >--nt-response=%{mschap:NT-Response:-00}" > >Finally, running ntlm_auth from the command line yields: > ># ntlm_auth --request-nt-key --domain=DOMAIN --username=myuser >--require-membership-of='DOMAIN\\WIFI' >password: >NT_STATUS_OK: Success (0x0) > >Could it be a "bug" in the freeradius version I'm running? > >Can anyone please suggest how I can debug this (not a radius expert ;-) )? > >Regards, > >Vieri > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html