On Wednesday 30 March 2011 15:52:31 Phil Mayers wrote:
> First, there's no need to email me directly; I read the list.
I totally agree with you I just missed to exchange the recipient address (and
after noticing that i also sent it to the list)... sorry!
> You *only* set:
> with_ntdomain_hack = yes
> ...in modules/mschap.
> DO NOT set it anywhere else - this basically does exactly the same thing
> you were doing earlier (rewriting the *real* username) and causes EAP to
> break.
Sorry but that didn't help either. I did -- like you suggested -- set
'with_ntdomain_hack' back to 'no' everywhere except for modules/mschap but I
still get that '[...] not the same as [...]' error message.
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] Found NT-Password
[mschap] ERROR: User-Name (winmac\tom1) is not the same as MS-CHAP Name (tom1)
from EAP-MSCHAPv2
++[mschap] returns reject
Again a full log is appended. My modules/mschap currently looks like this (i
suppose that the above problems might arise from it):
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
}
Regards
Tom
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
