On 13/10/10 11:55, Mark Holmes wrote:
Thanks Phil.
Final question: At the moment, I can authenticate with username, but not with
usern...@mydomain.ox.ac.uk
How do I tell freeradius to accept usern...@mydomain.ox.ac.uk (I don't mind if
authenticating with just username without the domain fails)
Sorry, I don't follow: isn't that just the same question you asked
previously?
FreeRadius itself doesn't care what the username is. The key is that the
modules doing the authentication can recognise and authenticate that
username.
I believe from your earlier posts you are using "mschap" and the
"ntlm_auth" helper? If you look in the default configs, the commented
out (but suggested) config is:
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Note the use of the conditional expansion "Stripped-User-Name"
Anyway, as always - if it's failing, please post the full debug output i.e.:
radiusd -X | tee log
...so we can see why and help you.
In all probability, you are passing the unstripped username a...@b to
"ntlm_auth" and it's choking on it.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
