Hi All, Is there any way to get radclient working with chap and ntlm_auth?
If I try to use it with ntlm_auth, I get an Accept even with a bad password. redhatfc5:/etc/raddb # rt /tmp/file Sending Access-Request of id 15 to 127.0.0.1 port 1812 User-Name = "codo" CHAP-Password = 0x0f25a253a1113c6f903f31ec0d8eb7fae9 NAS-IP-Address = 180.44.200.10 NAS-Port-Type = Ethernet NAS-Port = 1 Calling-Station-Id = "000100000001" rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=15, length=61 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "103" HP-port-priority-regeneration-table = "0" Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 redhatfc5:/etc/raddb # grep codo users codo Auth-Type := ntlm_auth redhatfc5:/etc/raddb # radtest codo badpass 127.0.0.1 1 hpsecret Sending Access-Request of id 144 to 127.0.0.1 port 1812 User-Name = "codo" User-Password = "badpass" NAS-IP-Address = 255.255.255.255 NAS-Port = 1 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=144, length=35 The radiusd debug output shows: auth: type "ntlm_auth" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM --username=codo --password=' Exec-Program: /usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM --username=codo --password= modcall[authenticate]: module "ntlm_auth" returns ok for request 0 modcall: leaving group authenticate (returns ok) for request 0 Login OK: [codo/<CHAP-Password>] (from client me port 1 cli 000100000001) Processing the post-auth section of radiusd.conf I saw Alan's blog that states this isn't currently available but I was wondering if there was a way around it. Thanks ! Corey Corey Dow Solution Test Center Engineer ProCurve Networking Hewlett-Packard Company
smime.p7s
Description: S/MIME cryptographic signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html