Okay, I made those changes, but it still isn't working.. New log output:
Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=nmjoo [mschap] expand: %{mschap:NT-Domain} -> IOWA [mschap] expand: --domain=%{%{mschap:NT-Domain}:-IOWA} -> --domain=IOWA [mschap] mschap2: f7 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=7ec345e462e886cc [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a702419f587f109f326572c6e275dde4c144ccf18a11cc1d Exec-Program output: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 Exec-Program-Wait: plaintext: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a00331a0309002e533d37304443454534424441463830433945444643443943413335313237463630414239443345323741 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x685b4a666951502b3811a806682630a9 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00331a0309002e533d37304443454534424441463830433945444643443943413335313237463630414239443345323741 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x685b4a666951502b3811a806682630a9 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 128.255.11.74 port 32768 EAP-Message = 0x010a005b19001703010050a8e7120ce3206005ece77b52e24df05d1ea02d75ff3620697699ee570a8b6a06d08cc95c2d4f4985bd9d8754d8a895ca8758dddd2ba6f7973a78d16d781735fb1e7274f297ef87971da17a0f708d6d0d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x122499391a2e80cc44ec4cdf9c13104c Finished request 17. Going to the next request Waking up in 3.2 seconds. C -- Neil Johnson Network Engineer Information Technology Services The University of Iowa 319 384-0938 neil-john...@uiowa.edu > -----Original Message----- > From: freeradius-users-bounces+neil- > johnson=uiowa....@lists.freeradius.org [mailto:freeradius-users- > bounces+neil-johnson=uiowa....@lists.freeradius.org] On Behalf Of Phil > Mayers > Sent: Thursday, October 28, 2010 10:44 AM > To: freeradius-users@lists.freeradius.org > Subject: Re: Authenticating agains AD issues > > On 28/10/10 16:22, Johnson, Neil M wrote: > > Yes, I did. > > Ah. However, the debug output says: > > > > > [mschap] expand: %{Stripped-User-Name} -> > > [mschap] ... expanding second conditional > > [mschap] WARNING: Deprecated conditional expansion ":-". See "man > > unlang" for details > > [mschap] expand: %{User-Name:-None} -> IOWA\nmjoo > > [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:- > None}} > > -> --username=IOWA\nmjoo > > i.e. the username still contains a "DOMAIN\". You need to change the > "ntlm_auth" command in /etc/raddb/modules/mschap to have: > > ntlm_auth = "... --username=%{mschap:User-Name} ..." > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html