Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This is obviously broken, but here's where I get confused: STIC08862
doesn't look like a domain name to me. It looks like a machine name.
It is indeed a machine name. This is where we have problems, this does
not happen using Windows 7. I tried to set a Realm for that machine
name without success. The thing I don't understand is why MSCHAP
complains about that. I mean, correct me if I am wrong,
mschap:User-Name will *always* strip that part since it looks like a domain.
Is the machine a domain member or not? Is the user logging on locally
or with a domain account? Or is this an artefact of the way Novell works?
The machine is not member of the domain, and the user logs in Novell.
So when the user logs in, it sends the username information to RADIUS
just like if a local user logs in.
What happens if you take an ordinary machine, without the Novell
client installed, create a local user with the same username/password
as a domain user, then use "send username automatically"
We tried it, and the machine appears to be sending the machine name
anyway. It will work only if we don't send the credentials automatically.
Thanks!
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
