On 23.2.2022 23.27, Ullfig, Roberto Alfredo wrote:

Wed Feb 23 15:03:55 2022: DEBUG: Radius::AuthNTLM REJECT: AuthBy NTLM Password check failed: user [[email protected]]
Wed Feb 23 15:03:55 2022: DEBUG: AuthBy NTLM result: REJECT, AuthBy NTLM Password check failed

To AD it looks like a wrong password was entered. Why do the NTLM lines have "user [[email protected]]" - why not just user?

The format is 'value used for authenticating [original username]'. For example, if the username is rewritten, or something else, such as the Calling-Station-Id attribute value, is used to look up the user record, that value gets logged first.

What follows between [] is the original User-Name as it was received.

The idea is to log information about what's currently used and what was originally received as User-Name.

In your example, 'user' is passed to the NTLM subsystem as the authentication username instead of '[email protected]' that was the value in the incoming request.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
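
The 'value used for authenticating [original username]' format described in the reply above can be checked mechanically when triaging rejects. This is an added example, not code from the thread or from Radiator: the line shape is assumed from the single debug line quoted in the thread, and the sample lines, the example.com realm, the name alice and the function names are constructed.

```python
import re

# Assumed shape, based on the one debug line quoted in the thread:
#   <timestamp>: DEBUG: Radius::<module> <RESULT>: <reason>: <auth value> [<original User-Name>]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): DEBUG: "
    r"(?P<module>Radius::\w+) (?P<result>[A-Z]+): "
    r"(?P<reason>.+): (?P<auth>\S+) \[(?P<orig>[^\]]*)\]\s*$"
)

def classify(auth, orig):
    """Describe how the authenticating value relates to the received User-Name."""
    if auth == orig:
        return "unchanged"
    user, sep, _realm = orig.partition("@")
    if sep and auth == user:
        return "realm-stripped"   # user@realm was reduced to user
    return "replaced"             # e.g. another attribute value was used for lookup

def parse_line(line):
    """Return a dict for a 'value [original]' debug line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rewrite"] = classify(rec["auth"], rec["orig"])
    return rec

def rewritten_rejects(lines):
    """REJECT records where the value passed on differs from the received User-Name."""
    recs = (parse_line(line) for line in lines)
    return [r for r in recs if r and r["result"] == "REJECT" and r["rewrite"] != "unchanged"]

# Constructed sample lines (not taken from a real log).
SAMPLE = [
    "Wed Feb 23 15:03:55 2022: DEBUG: Radius::AuthNTLM REJECT: "
    "AuthBy NTLM Password check failed: user [user@example.com]",
    "Wed Feb 23 15:03:55 2022: DEBUG: AuthBy NTLM result: REJECT, "
    "AuthBy NTLM Password check failed",
    "Wed Feb 23 15:04:10 2022: DEBUG: Radius::AuthNTLM REJECT: "
    "AuthBy NTLM Password check failed: alice [alice]",
]

if __name__ == "__main__":
    for r in rewritten_rejects(SAMPLE):
        print(f'{r["ts"]} {r["module"]}: sent "{r["auth"]}", '
              f'received "{r["orig"]}" ({r["rewrite"]})')
```

Rejects reported as realm-stripped or replaced are the ones where the directory was asked about a different name than the client sent, which is the first thing to rule out before treating the failure as a bad password.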
