Never mind, found the solution:
ntlm_auth --username=%{mschap:User-Name} --foobar
J.
--
Jonathan De Graeve
Network/System Engineer
Imelda vzw
Informatica Dienst
+32 15/50.52.98
[EMAIL PROTECTED]
-
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
-
-Original Message-
From: freeradius-users-[EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED]] On Behalf Of Jonathan De Graeve
Sent: Monday 25 September 2006 17:34
To: FreeRadius users mailing list
Subject: PEAP-MSCHAPv2 against AD
I'm trying to do PEAP-MSCHAPv2 with authentication against an AD.
Currently I have the following problem:
When the domain is in the username the authentication fails; if the
domain name isn't in the authentication, the authentication succeeds.
I'm using the following ntlm_auth line in radiusd.conf:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
--require-membership-of=S-1-5-21-3816208617-2573269785-2633524980-1134
--domain=%{mschap:NT-Domain:-IMZ}
with_ntdomain_hack = yes is enabled in the mschap {} section.
Output from shell:
radius1:/etc/freeradius# /usr/bin/ntlm_auth --request-nt-key
--username=IMZ\\beheerder --challenge=e456e008c25a9ac7
--nt-response=28e9d997b30267a36af64a4fcb530cd6b08f1141c09bc580
--require-membership-of=S-1-5-21-3816208617-2573269785-2633524980-1134
--domain=IMZ
Logon failure (0xc06d)
radius1:/etc/freeradius# /usr/bin/ntlm_auth --request-nt-key
--username=beheerder --challenge=e456e008c25a9ac7
--nt-response=28e9d997b30267a36af64a4fcb530cd6b08f1141c09bc580
--require-membership-of=S-1-5-21-3816208617-2573269785-2633524980-1134
--domain=IMZ
NT_KEY: EB23807FB13B1CAB06F4F0BBE5C199D0
Debugging information (with a different user)
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 252
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020800471a0208004231f622919de18b1fdab0ca9902b9729d491337f654a247b82ba252becd3320cdd94974567666fa081800494d5a5c6a6f6e617468616e
PEAP: Setting User-Name to IMZ\jonathan
PEAP: Adding old state with 8f f9
PEAP: Sending tunneled request
EAP-Message = 0x020800471a0208004231f622919de18b1fdab0ca9902b9729d491337f654a247b82ba252becd3320cdd94974567666fa081800494d5a5c6a6f6e617468616e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = IMZ\\jonathan
State = 0x8ff913e6997d7ca8d6a9b4832ff5c931
NAS-IP-Address = 194.8.52.161
Connect-Info = CONNECT 802.11
Called-Station-Id = 000fb5df0524
Calling-Station-Id = 004096ab4eed
NAS-Identifier = ap
NAS-Port-Type = Wireless-802.11
NAS-Port = 4
NAS-Port-Id = 4
Framed-MTU = 1400
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 252
modcall[authorize]: module preprocess returns ok for request 252
modcall[authorize]: module attr_filter returns noop for request 252
modcall[authorize]: module chap returns noop for request 252
modcall[authorize]: module mschap returns noop for request 252
modcall[authorize]: module digest returns noop for request 252
rlm_realm: No '@' in User-Name = IMZ\jonathan, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 252
rlm_eap: EAP packet type response id 8 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 252
modcall[authorize]: module files returns notfound for request 252
radius_xlat: 'IMZ\\jonathan'
rlm_sql (sql): sql_set_user escaped user -- 'IMZ\\jonathan'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'IMZ=5C=5C=5C=5Cjonathan' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User IMZ\\jonathan not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'IMZ=5C=5C=5C=5Cjonathan' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT
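As an added example, not from the thread or from FreeRADIUS itself: a small Python model of how the original `%{User-Name}` fallback and the working `%{mschap:User-Name}` expansion hand the username to ntlm_auth, with a check for the domain-prefix mismatch and a parser for the two ntlm_auth outputs shown above. The group SID, challenge and NT-Response values are the ones quoted in the post; the lint rules and function names are my own assumptions.

```python
import re
from typing import List, Tuple

NTLM_AUTH = "/usr/bin/ntlm_auth"
GROUP_SID = "S-1-5-21-3816208617-2573269785-2633524980-1134"  # SID quoted in the post


def split_nt_domain(user_name: str, default_domain: str) -> Tuple[str, str]:
    """Model %{mschap:NT-Domain} / %{mschap:User-Name}: split 'DOMAIN\\user'.

    A bare username has no domain part, so the configured default is used,
    like the ':-IMZ' fallback in the post's --domain expansion.
    """
    domain, sep, user = user_name.partition("\\")
    if not sep:
        return default_domain, user_name
    return domain, user


def build_ntlm_auth_argv(user_name: str, challenge: str, nt_response: str,
                         default_domain: str = "IMZ", strip_domain: bool = True) -> List[str]:
    """Build the ntlm_auth argv from the post.

    strip_domain=False reproduces the original config: Stripped-User-Name is
    unset (no '@' realm), so --username receives 'IMZ\\user' while --domain is
    also given. strip_domain=True models the working %{mschap:User-Name}.
    """
    domain, user = split_nt_domain(user_name, default_domain)
    return [NTLM_AUTH, "--request-nt-key",
            f"--username={user if strip_domain else user_name}",
            f"--challenge={challenge}",
            f"--nt-response={nt_response}",
            f"--require-membership-of={GROUP_SID}",
            f"--domain={domain}"]


def lint_argv(argv: List[str]) -> List[str]:
    """Flag the mismatch from the thread: a DOMAIN\\ prefix in --username next to --domain."""
    opts = dict(a[2:].split("=", 1) for a in argv if a.startswith("--") and "=" in a)
    findings = []
    if "\\" in opts.get("username", "") and "domain" in opts:
        findings.append("username still carries a DOMAIN\\ prefix while --domain is also set")
    if "require-membership-of" not in opts:
        findings.append("no --require-membership-of: any valid domain account would be accepted")
    return findings


def parse_ntlm_auth_output(output: str) -> Tuple[bool, str]:
    """Reduce ntlm_auth stdout to (success, NT key) or (failure, NT status code)."""
    m = re.search(r"^NT_KEY:\s*([0-9A-Fa-f]{32})\s*$", output, re.M)
    if m:
        return True, m.group(1)
    m = re.search(r"Logon failure \((0x[0-9a-fA-F]+)\)", output)
    return False, (m.group(1) if m else output.strip())
```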