Did you try just --username=%{Stripped-User-Name:-None}
Ron.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, January 20, 2005 9:39 AM
To: freeradius-users@lists.freeradius.org
Subject: 802.1x, PEAP, and AD

Hi all,

I'm having an issue doing PEAP against AD. I have most of it working, except for this. If I use the ntlm_auth line

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

in the MSCHAP section, I get the following debug output:

Wed Jan 19 23:56:26 2005 : Debug: modcall: entering group Auth-Type for request 6
Wed Jan 19 23:56:26 2005 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 6
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password.
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: No User-Password configured. Cannot create NT-Password.
Wed Jan 19 23:56:26 2005 : Debug: rlm_mschap: Told to do MS-CHAPv2 for mcapelle with NT-Password
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
Wed Jan 19 23:56:26 2005 : Debug: mschap2: 46
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
Wed Jan 19 23:56:26 2005 : Debug: radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=AMS\\mcapelle --challenge=49ef2649993xxxxx --nt-response=acb812c77520cad273a2dbf044b669d9d3e0ed08xxxxxxxx'
Wed Jan 19 23:56:26 2005 : Debug: Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=AMS\\mcapelle --challenge=49ef2649993xxxxx --nt-response=acb812c77520cad273a2dbf044b669d9d3e0ed08xxxxxxxx
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program output: Logon failure (0xc000006d)
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Wed Jan 19 23:56:27 2005 : Debug: Exec-Program: returned: 1
Wed Jan 19 23:56:27 2005 : Debug: rlm_mschap: External script failed.
Wed Jan 19 23:56:27 2005 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

But if I replace the %{Stripped-User-Name:-%{User-Name:-None}} with "mcapelle" the auth works. Try as I might, I cannot figure out what I need to put after --username to end up with this format username for the ntlm_auth request. Can anyone help?

Thanks,
Mark Capelle

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
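
An added example (not part of the original thread, and not FreeRADIUS code): a small Python model of the %{Attribute:-fallback} expansion used in the --username argument, showing what each of the two templates in this thread yields depending on whether Stripped-User-Name is set. The attribute values are constructed from the debug output above; treating an unset attribute without a fallback as an empty string, and the doubled backslash in the log as log escaping, are assumptions of this model.

```python
def _closing_brace(s, start):
    """Index of the '}' that closes the '%{' whose body begins at start."""
    depth = 1
    for j in range(start, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced %{...} in template")


def expand(template, attrs):
    """Expand %{Name} and %{Name:-fallback}; a fallback may nest more %{...}."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _closing_brace(template, i + 2)
            name, has_fallback, fallback = template[i + 2:end].partition(":-")
            value = attrs.get(name)
            if value:                      # attribute present and non-empty
                out.append(value)
            elif has_fallback:             # otherwise expand the fallback text
                out.append(expand(fallback, attrs))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


# Constructed request attributes, modelled on the debug output above
# (assumption: the log's "AMS\\mcapelle" is one escaped backslash).
NO_STRIPPED = {"User-Name": "AMS\\mcapelle"}
WITH_STRIPPED = {"User-Name": "AMS\\mcapelle", "Stripped-User-Name": "mcapelle"}

NESTED = "--username=%{Stripped-User-Name:-%{User-Name:-None}}"  # original line
SINGLE = "--username=%{Stripped-User-Name:-None}"                # from the reply

if __name__ == "__main__":
    for label, attrs in (("no Stripped-User-Name", NO_STRIPPED),
                         ("Stripped-User-Name set", WITH_STRIPPED)):
        for template in (NESTED, SINGLE):
            print(f"{label:24} {template}  ->  {expand(template, attrs)}")
```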