On 09/02/12 17:02, Phil Mayers wrote:
On 09/02/12 16:49, Francois Gaudreault wrote:
On 12-02-09 11:41 AM, Alan Buxey wrote:
hmm, with nt_domain_hack = yes and --username=%{%{mschap:User-Name}
used for
the auth attempt , things shoud work
By saying "--username=%{mshcap:user-name}" you refer to the ntlm_auth
line in the mschap module right? However, we are not using AD, we are
using LDAP populating the NT-Password field, we don't need this
ntlm_auth line in the mschap module do we? Like I said, it's working
well with user authentication.
Can you share the unobfuscated values for an attempt? The MS-CHAP
challenge/response, NT-Password and User-Name? I've got a little script
that performs blob generation and validation, and I can see if it's
using name$ or host/name.domain as the challenge mix-in.
Also, maybe try this:
authorize {
...
update request {
MS-CHAP-User-Name = "%{mschap:User-Name}"
}
...
}
This should expand to "name$" for "host/name.domain". The mschap module
will prefer MS-CHAP-User-Name as input to to challenge generation, and
may work.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
