Hi Pete,

> I am trying to get NTLM hashes stored in LDAP to be authenticated via
> eap-radius. However, when I connect a Windows client (7 or 10), I see this
> type of failure in the freeradius logs:
>
> radius3 freeradius[23803]: Login Incorrect: [\\300\\250z+/] from client
> vpn01 (mac=, cli=[IP deleted][4500], port=ikev2-mschapv2)
>
> An incorrect login would normally have the form of:
>
> Login Incorrect: [username/badpassword]
>
> Any idea why Windows (or Strongswan) is sending garbage for the
> username/password?

Nope (you asked that a while ago already). With eap-radius strongSwan simply
forwards EAP messages between client and RADIUS server, so you might want to
debug FreeRADIUS ([1], [2]) to see more about what happens and/or ask on the
FreeRADIUS mailing list about this.

Regards,
Tobias

[1] https://freeradius.org/radiusd/man/radiusd.html
[2] https://freeradius.org/radiusd/man/raddebug.html
