I forgot to mention that I've also used

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

but nothing changed.


On 22/Oct/2009, at 11:12, Ivan Kalik wrote:

I've configured freeradius to authenticate local users with our AD.

When I use simple username "barbato" it works perfectly, but if I use
[email protected] it fails.

From the log it seems that it has not stripped the realm/domain part after @:

[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for [email protected] with NT-Password
[mschap]        expand: --username=%{mschap:User-Name} -> [email protected]
[mschap]  mschap2: b9
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4e0cb755e2e70d10
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a0e03bda2615311436749b892e3a741d7a8605a1037fcce1
Exec-Program output: Logon failure (0xc000006d)

Right, so you have altered the default ntlm_auth line and replaced
Stripped-User-Name with mschap:User-Name and now you are wondering why is
it not using Stripped-User-Name???


Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

------------------------------------------------------------------------------------------------
Paolo Barbato               email: mailto:[email protected]
Network Administrator   phone: (39-049)-829-5097
                                            (39-049)-829-5000
Corso Stati Uniti,4            www: http://www.igi.cnr.it
35127 Camin-Padova       PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                      JabberID: [email protected]
------------------------------------------------------------------------------------------------
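
The two `--username` expansions that appear in this thread can be compared with a small model. This is an added example, not code from the thread or from FreeRADIUS: `strip_realm`, `mschap_user_name`, `expand` and `ntlm_username` are hypothetical helpers, the realm `example.org` is constructed, and the realm and mschap handling is a simplified assumption of the server's behaviour.

```python
import re

# The two username templates seen in this thread.
DEFAULT = "%{Stripped-User-Name:-%{User-Name:-None}}"   # line posted in the reply
ALTERED = "%{mschap:User-Name}"                         # line shown in the debug log

_REF = re.compile(r"%\{([A-Za-z0-9:-]+?)(?::-([^{}]*))?\}")
_MASK = str.maketrans("%{}", "\x00\x01\x02")
_UNMASK = str.maketrans("\x00\x01\x02", "%{}")

def strip_realm(user_name, known_realms):
    """Simplified 'suffix' realm handling (assumption): return the stripped
    name, or None when there is no '@' or the realm is not configured."""
    user, sep, realm = user_name.rpartition("@")
    return user if sep and realm in known_realms else None

def mschap_user_name(user_name):
    """Simplified %{mschap:User-Name} (assumption): drops only a 'DOMAIN\\' prefix."""
    return user_name.split("\\", 1)[-1]

def expand(template, attrs):
    """Expand %{Name} and %{Name:-default}, innermost reference first."""
    def sub(match):
        value = attrs.get(match.group(1)) or match.group(2) or ""
        # Values come from the client: mask '%{}' so they are never re-expanded.
        return value.translate(_MASK)
    previous = None
    while previous != template:
        previous, template = template, _REF.sub(sub, template)
    return template.translate(_UNMASK)

def ntlm_username(template, user_name, known_realms):
    """Value that would follow --username= for this request (model only)."""
    attrs = {
        "User-Name": user_name,
        "Stripped-User-Name": strip_realm(user_name, known_realms),
        "mschap:User-Name": mschap_user_name(user_name),
    }
    return expand(template, attrs)

if __name__ == "__main__":
    realms = {"example.org"}  # constructed realm standing in for the AD domain
    for name in ("barbato", "barbato@example.org", "EXAMPLE\\barbato"):
        for label, tpl in (("default", DEFAULT), ("altered", ALTERED)):
            print(f"{name:22} {label:8} -> {ntlm_username(tpl, name, realms)}")
```

In this model the default template only yields the bare name when the realm after `@` is one the server knows; otherwise it falls back to the full `User-Name`, the same value the altered template passes.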
