Re: Strip off the domain part from the User-Name

2011-04-04 Thread Thomas Wunder
Hi, On Friday 01 April 2011 18:32:21 Phil Mayers wrote: On 01/04/11 13:43, Thomas Wunder wrote: [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] ERROR: User-Name (winmac\tom1) is not the same as MS-CHAP Name (tom1) from

Re: Strip off the domain part from the User-Name

2011-04-04 Thread Phil Mayers
On 04/04/2011 07:57 AM, Thomas Wunder wrote: Hi, On Friday 01 April 2011 18:32:21 Phil Mayers wrote: On 01/04/11 13:43, Thomas Wunder wrote: [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] ERROR: User-Name (winmac\tom1) is not the same

Re: Strip off the domain part from the User-Name

2011-04-01 Thread Thomas Wunder
On Wednesday 30 March 2011 15:52:31 Phil Mayers wrote: First, there's no need to email me directly; I read the list. I totally agree with you I just missed to exchange the recipient address (and after noticing that I also sent it to the list)... sorry! You *only* set: with_ntdomain_hack =

Re: Strip off the domain part from the User-Name

2011-04-01 Thread Phil Mayers
On 01/04/11 11:08, Thomas Wunder wrote: On Wednesday 30 March 2011 15:52:31 Phil Mayers wrote: First, there's no need to email me directly; I read the list. I totally agree with you I just missed to exchange the recipient address (and after noticing that I also sent it to the list)... sorry!

Re: Strip off the domain part from the User-Name

2011-04-01 Thread Thomas Wunder
Hi, call it crude or whatever you want ;-) but that was my last resort: After fiddling with the code of rlm_mschap I found that all I need to do is to comment out line 1201 of rlm_mschap.c (where it says 'return RLM_MODULE_REJECT;') Maybe it has something to do with the conditions (which look a

Re: Strip off the domain part from the User-Name

2011-04-01 Thread Phil Mayers
On 01/04/11 13:43, Thomas Wunder wrote: [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] ERROR: User-Name (winmac\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2 What client are you using? It's sending: EAP-Identity

Re: Strip off the domain part from the User-Name

2011-03-30 Thread Phil Mayers
On 30/03/11 14:46, Thomas Wunder wrote: Hi On Friday 25 March 2011 15:42:30 you wrote: In which case, you *must* enable with_ntdomain_hack = yes First, there's no need to email me directly; I read the list. Second - you say: As you suggested I changed the 'with_ntdomain_hack' option to

Re: Strip off the domain part from the User-Name

2011-03-26 Thread Phil Mayers
On 03/25/2011 10:09 PM, Robert Roll wrote: If you just want to split username@realm into username and realm, you should be able to use this in authorize section if (%{request:User-Name} =~ /^(.*)@/) { update request {

Re: Strip off the domain part from the User-Name

2011-03-26 Thread Phil Mayers
On 03/25/2011 09:45 PM, Robert Roll wrote: Note that in the above the Realm is quite useful, but there is NO need to actually do proxy, so really no REAL need to get into the proxy.conf ? This is a good reason to use unlang rather than realm. realm is designed for proxying, always gets

RE: Strip off the domain part from the User-Name

2011-03-26 Thread Robert Roll
] Sent: Saturday, March 26, 2011 4:59 AM To: freeradius-users@lists.freeradius.org Subject: Re: Strip off the domain part from the User-Name On 03/25/2011 09:45 PM, Robert Roll wrote: Note that in the above the Realm is quite useful, but there is NO need to actually do proxy, so really

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Phil Mayers
On 25/03/11 09:39, Thomas Wunder wrote: On Thursday 24 March 2011 09:36:28 Phil Mayers wrote: Please post a full debug. It's not possible to find the real cause of your problem from the snippet. (see attachment) I am guessing that you're attempting to modify the username; you can't do that,

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Thomas Wunder
On Friday 25 March 2011 11:15:58 you wrote: Use %{mschap:User-Name} everywhere; this will give the bare username That sounds consequent but what exactly do you mean by everywhere? I use the policy.conf (as you can see by the debug output from my previous posting) to define some policies that

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Nolan King
freeradius 2.1.8: My environment uses ntlm_auth and ldap modules. In mschap module, I have a line like: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-re$ Also, in ldap: filter =

RE: Strip off the domain part from the User-Name

2011-03-25 Thread Robert Roll
-bounces+robert.roll=utah@lists.freeradius.org [freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] On Behalf Of Nolan King [nk...@mnwd.com] Sent: Friday, March 25, 2011 10:35 AM To: freeradius list Subject: Re: Strip off the domain part from the User-Name freeradius 2.1.8: My

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Alan DeKok
Robert Roll wrote: We're currently running 2.1.10.. I seemed to notice that the Out of the Box Config does not seem to actually create a Stripped-Username and Realm. It creates those attributes if you define a realm. If you don't define a realm, it doesn't know how to create a Realm

RE: Strip off the domain part from the User-Name

2011-03-25 Thread Robert Roll
-bounces+robert.roll=utah@lists.freeradius.org] On Behalf Of Alan DeKok [al...@deployingradius.com] Sent: Friday, March 25, 2011 1:09 PM To: FreeRadius users mailing list Subject: Re: Strip off the domain part from the User-Name Robert Roll wrote: We're currently running 2.1.10.. I seemed

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Fajar A. Nugraha
On Sat, Mar 26, 2011 at 4:45 AM, Robert Roll robert.r...@utah.edu wrote: A normal authorize might look like: ldapAuthUser if( %Realm ) { ldapAuthVLAN } If one is smart about naming the Group in ldap the same as the Realm, then one can quite easily construct a search

Re: Strip off the domain part from the User-Name

2011-03-25 Thread Fajar A. Nugraha
On Sat, Mar 26, 2011 at 5:00 AM, Fajar A. Nugraha l...@fajar.net wrote: On Sat, Mar 26, 2011 at 4:45 AM, Robert Roll robert.r...@utah.edu wrote: A normal authorize might look like: ldapAuthUser if( %Realm ) { ldapAuthVLAN } If one is smart about naming the Group in ldap

RE: Strip off the domain part from the User-Name

2011-03-25 Thread Robert Roll
=utah@lists.freeradius.org [freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] On Behalf Of Fajar A. Nugraha [l...@fajar.net] Sent: Friday, March 25, 2011 4:00 PM To: FreeRadius users mailing list Subject: Re: Strip off the domain part from the User-Name On Sat, Mar 26, 2011

Re: Strip off the domain part from the User-Name

2011-03-24 Thread Phil Mayers
On 03/23/2011 08:30 PM, Michael Lecuyer wrote: The MSCHAPs include the given name when calculating the hashes. Stripping the domain will therefore not work. The client is using the domain\name in the hash and you're asking the server to use just the name. Actually that's not true; the mschap

Re: Strip off the domain part from the User-Name

2011-03-24 Thread Phil Mayers
On 03/23/2011 07:08 PM, Thomas Wunder wrote: But when it comes to MSCHAP authentication I've got a problem: I get errors like [mschap] ERROR: User-Name (testpc\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2 (...which sounds consequent) I've tried to solve that problem by changing

Strip off the domain part from the User-Name

2011-03-23 Thread Thomas Wunder
Hi, I'm currently trying to configure my Win7 clients to do wired 802.1X authentication using the credentials a user provides at the login screen. Wired 802.1X auth itself works fine but as soon as I have it use the logon credentials (using the Automatically use my Windows logon name and

Re: Strip off the domain part from the User-Name

2011-03-23 Thread Michael Lecuyer
The MSCHAPs include the given name when calculating the hashes. Stripping the domain will therefore not work. The client is using the domain\name in the hash and you're asking the server to use just the name. On 3/23/2011 15:08 PM, Thomas Wunder wrote: Hi, I'm currently trying to configure my