Here is the failure trace for this user: domain1\user1 Cleartext-Password
:= "pass1":
The backslash leads the code to think it's System auth_type when in fact it's
PAP.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:63550, id=1, length=58
User-Name = "domain1\\user1"
User-Password = "pass1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m
g expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "domain1\\user1", looking up realm
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user. Authenticat
ay fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested a
.
auth: Failed to validate the user.
Login incorrect: [domain1\\user1/pass1] (from client localhost port 0)
________________________________
From: Crne We <crn...@yahoo.com>
To: alan buxey <a.l.m.bu...@lboro.ac.uk>; FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Sent: Wednesday, September 26, 2012 12:07 PM
Subject: Re: handling win domain name in username
The user name in LDAP is of the form domainname\username. I wanted to configure
the same username in the freeradius as well but different password than LDAP.
Authentication fails on the Radius side with this kind of username. If
freeradius doesn;t care, not sure why it fails for such usernames.
________________________________
From: alan buxey <a.l.m.bu...@lboro.ac.uk>
To: Crne We <crn...@yahoo.com>; FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Sent: Wednesday, September 26, 2012 1:07 AM
Subject: Re: handling win domain name in username
Hi,
> Environmnet: Freeradius with PAP on Windows
> Username: domain\user1
> password: *******
> Looks like the Freeradius doesn't seem to like the windows domain name as
> part of username?
FreeRADIUS doesnt care. your chosen authentication method cares. if you dont
want that 'domain'
to appear then use the prefix module and ensure you have that domain listed in
proxy.conf eg
domain {
}
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html