> I've configured freeradius to authenticate local users with our AD. > > When I use simple username "barbato" it works perfectly, but if I use > [email protected] > it fails. > > From log it seems that it's not stripped the realm/domain part after @: > > [mschapv2] +- entering group MS-CHAP {...} > [mschap] Told to do MS-CHAPv2 for [email protected] with NT-Password > [mschap] expand: --username=%{mschap:User-Name} -> > [email protected] > [mschap] mschap2: b9 > [mschap] expand: --challenge=%{mschap:Challenge:-00} -> -- > challenge=4e0cb755e2e70d10 > [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt- > response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1 > Exec-Program output: Logon failure (0xc000006d)
Right, so you have altered the default ntlm_auth line and replaced Stripped-User-Name with mschap:User-Name and now you are wondering why is it not using Stripped-User-Name??? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
