W dniu 2011-05-07 20:50, Robert Mc Cready pisze:
The "MS-CHAP-Use-NTLM-Auth := no" did the job but I still have one
problem with Windows XP clients, I get a " [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2". Users log on locally, the host name is not a domain
name. Windows 7 clients work fine because they send only the username.
I do some rewrites so I can get the username for the LDAP
authentication and the computers name for computer account
authentication (I'm not familiar with unlang yet). We use FR 2.1.10.
Any idea how to fix this ?
Try to uncomment the ntdomain line in the authorize section of site
configuration. This will split the realm (computer name) and login.
Maybe you'll also need to set the with_ntdomain_hack = yes in mschap
module configuration.
Daniel
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
