RE: 802.1x, PEAP, and AD

2005-01-20 Thread Willey Kurt D
The server is sending: --username=AMS\\mcapelle
You need to strip the domain; check the ntdomain option or nt_domain_hack.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 20, 2005 10:39 AM To:

RE: 802.1x, PEAP, and AD

2005-01-20 Thread Willey Kurt D
realm ntdomain {
    format = prefix
    delimiter = \\
    ignore_default = no
    ignore_null = no
}
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday,

RE: 802.1x, PEAP, and AD

2005-01-20 Thread Ron Wahler
Did you try just --username=%{Stripped-User-Name:-None}
Ron.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 20, 2005 9:39 AM To: freeradius-users@lists.freeradius.org Subject: 802.1x, PEAP, and AD
Hi all, I'm

Re: 802.1x, PEAP, and AD

2005-01-20 Thread Michael Griego
Actually, what you should be sending in the --username option is:
--username=%{mschap:User-Name}
This will automatically strip the domain portion (if it exists) from the username before sending it to the DC.
--Mike
--- Michael Griego Wireless LAN Project Manager

RE: 802.1x, PEAP, and AD

2005-01-20 Thread Willey Kurt D
This is what I use:
ntlm_auth = /usr/local/samba/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: 802.1x, PEAP, and AD

2005-01-20 Thread markcapelle
Yes I did =). That yields:
Thu Jan 20 01:02:02 2005 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 6
Thu Jan 20 01:02:02 2005 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password.
Thu Jan 20 01:02:02 2005 : Debug: rlm_mschap: No

Re: 802.1x, PEAP, and AD

2005-01-20 Thread markcapelle
Eureka! Michael was correct. I had a typo (ntlm_atuh). Fixed that and it works! Thanks to Ron, Michael, and Kurt for all the help, you guys are great!
[EMAIL PROTECTED] Tried that and I end up with -
Thu Jan 20 00:51:30 2005 : Debug: modcall: entering group Auth-Type for request 6
Thu Jan