Hi,
We don't use NTLM authorisation so, as I understand, ntlm_auth method is
not suited for us.
Could you briefly outline how to rewrite User-Name ... and what files
should I modify ?
Thanks.
On Thu, 9 Jul 2009 [email protected] wrote:
Date: Thu, 9 Jul 2009 11:50:07 +0100
From: [email protected]
Reply-To: FreeRadius users mailing list
<[email protected]>
To: [email protected],
FreeRadius users mailing list <[email protected]>
Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
Hi,
That entry alters User-Name and shouldn't be used with EAP. It works fine
with plain mschap but not here.
Enable ntdomain in inner-tunnel virtual server (just under suffix) and
create a local domain in proxy.conf:
realm csd-notebook {
}
i think his issue was that REALM could be anything random
from the laptop - ie its the machine name not a proper
set DOMAIN
gregs-machine\blurky
my-laptop\pinky
test-xp-3\adminstaff3
etc.
i think, in this case you need to use either attr rewrite
or unlang to take that value and NULL it into Stripped-User-Name
and then use Stripped-User-Name for the authentication step
(ntlm_auth) instead
though, from last looking at it, using MSCHAP:User-Name and
required AD domain in ntlm_auth worked pretty fine with
no fancy rewrites or unlang.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
