Hi,
We are using freeRADIUS talk to multiple ADs integration. I updated my
freeRADIUS from 1.1.6 to 2.1.9 recently.
"xjtu" is our default domain, for users under this domain will only use
username to authenticate to RADIUS. With 1.1.6, it will get "xjtu" as domain;
But with 2.1.9, it will not, please see the debug info below.
It is the related part in configuration file:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain:-xjtu} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
It is debug info:
[mschap] Told to do MS-CHAPv2 for hhe with NT-Password
[mschap] No NT-Domain was found in the User-Name.
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=
[mschap] expand: --username=%{mschap:User-Name:-None} -> --username=hhe
[mschap] mschap2: a6
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=ddca17e9bfdaf05a
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=741e305efc7bce1071682eee0b3c37142b184b9544242304
John
# -*- text -*-
#
# $Id$
# Microsoft CHAP authentication
#
# This module supports MS-CHAP and MS-CHAPv2 authentication.
# It also enforces the SMB-Account-Ctrl attribute.
#
mschap {
#use_mppe = no
#require_encryption = yes
#require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain:-xjtu} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
