[EMAIL PROTECTED] wrote:
here is the debug: (user-test- who is not in domain
Well, he was found in AD. And in that domain. And with correct password.
certainly,
hi is in the AD it is correct,
the problem is the domain
win send the
- DOMAIN\username if it is in domain,
- HOSTNAME\username if it is not in domain (only workgroup)
but when i set TEST(my domain) as hostname (it still not in domain), it
will send this and freeradius think it is correct.
how can I config the freeradius to reject auth, when it is not in
domain(but send domain name as hostname)
like: ntdomain or something proxy.conf modification or hack, i have
no idea what is the solution.
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=TEST
[mschap] expand: --username=%{mschap:User-Name} -> --username=test
[mschap] mschap2: 10
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ad923676ac4c1b76 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=2b4dda1057bbf603f10d79c87e09e6203b600788c29e7ff5
Exec-Program output: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6
Exec-Program-Wait: plaintext: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
