Did you try just
--username=%{Stripped-User-Name:-None}
Ron.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, January 20, 2005 9:39 AM
To: [email protected]
Subject: 802.1x, PEAP, and AD
Hi all,
I'm having an issue doing PEAP against AD. I have most of it working,
except for this. If I use the ntlm_auth line "ntlm_auth =
"/usr/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}" in the MSCHAP section, I get the
following debug output:
Wed Jan 19 23:56:26 2005 : Debug: modcall: entering group Auth-Type for
request 6
Wed Jan 19 23:56:26 2005 : Debug: modsingle[authenticate]: calling mschap
(rlm_mschap) for request 6
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: No User-Password
configured. Cannot create LM-Password.
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: No User-Password
configured. Cannot create NT-Password.
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: Told to do MS-CHAPv2 for
mcapelle with NT-Password
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'Challenge'
Wed Jan 19 23:56:26 2005 : Debug: mschap2: 46
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: Running registered xlat
function of module mschap for string 'NT-Response'
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: '/usr/bin/ntlm_auth
--request-nt-key --username=AMS\\mcapelle --challenge=49ef2649993xxxxx
--nt-response=acb812c77520cad273a2dbf044b669d9d3e0ed08xxxxxxxx'
Wed Jan 19 23:56:26 2005 : Debug: Exec-Program: /usr/bin/ntlm_auth
--request-nt-key --username=AMS\\mcapelle --challenge=49ef2649993xxxxx
--nt-response=acb812c77520cad273a2dbf044b669d9d3e0ed08xxxxxxxx
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program output: Logon failure
(0xc000006d)
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program-Wait: plaintext: Logon
failure (0xc000006d)
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program: returned: 1
Wed Jan 19 23:56:27 2005 : Debug: rlm_mschap: External script failed.
Wed Jan 19 23:56:27 2005 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response
is incorrect
But if I replace the %{Stripped-User-Name:-%{User-Name:-None}} with
"mcapelle" the auth works. Try as I might, I cannot figure out what I need
to put after --username to end up with this format username for the
ntlm_auth request. Can anyone help?
Thanks,
Mark Capelle
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
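Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the %{Attr:-default} fallback shows why the logged command line carried AMS\\mcapelle, and how splitting off the domain prefix yields the bare name the poster reports works. The REQUEST dictionary, the function names and the placeholder challenge/response values are constructed for illustration, and the log's doubled backslash is assumed to be an escaped single separator.

```python
# Added illustration: models only the %{Attr:-default} fallback seen in this thread.
# Constructed request modelled on the debug log: User-Name carries the domain
# prefix and nothing has set Stripped-User-Name.
REQUEST = {"User-Name": "AMS\\mcapelle"}


def expand(template, attrs):
    """Expand %{Attr} and %{Attr:-default}; the default may itself be nested."""
    out, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            out.append(template[i])
            i += 1
            continue
        depth, j = 1, i + 2
        while j < len(template) and depth:      # find the matching close brace
            depth += {"{": 1, "}": -1}.get(template[j], 0)
            j += 1
        if depth:
            raise ValueError("unbalanced %{...} in template")
        name, sep, default = template[i + 2:j - 1].partition(":-")
        value = attrs.get(name)
        out.append(value if value else expand(default, attrs) if sep else "")
        i = j
    return "".join(out)


def split_nt_name(name):
    """Split DOMAIN\\user into (domain, user); a bare name has domain None."""
    domain, sep, user = name.partition("\\")
    # The log prints the separator doubled (escaped), so drop any extra one.
    return (domain, user.lstrip("\\")) if sep else (None, name)


def ntlm_auth_argv(attrs, challenge, nt_response):
    """Build the call as an argv list, so no shell parses the supplied name."""
    raw = expand("%{Stripped-User-Name:-%{User-Name:-None}}", attrs)
    _domain, user = split_nt_name(raw)
    return ["/usr/bin/ntlm_auth", "--request-nt-key", "--username=" + user,
            "--challenge=" + challenge, "--nt-response=" + nt_response]


if __name__ == "__main__":
    print(expand("%{Stripped-User-Name:-%{User-Name:-None}}", REQUEST))
    print(expand("%{Stripped-User-Name:-None}", REQUEST))
    # Placeholder hex values; the thread's real ones are redacted.
    print(ntlm_auth_argv(REQUEST, "<challenge-hex>", "<nt-response-hex>"))
```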