Re: Removing domain prefix from login

Hi list, thanks for the help. Ive fix the problem changing the following parameters: /etc/freeradius/sites-enabled/inner-tunnel:authorize: ntdomain /etc/freeradius/modules/mschap:with_ntdomain_hack = yes Now everythings is OK. Thanks for all. Regards Alejandro Gándara Junior System Admi

Re: Removing domain prefix from login

On 11/11/11 09:52, Alejandro Gandara wrote: this is the short view: [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the Sigh. Read this line. - List info/subscribe/unsubscribe? See http://www.freera

Re: Removing domain prefix from login

2011/11/11 Phil Mayers > On 11/11/2011 07:46 AM, Alejandro Gandara wrote: > > I got erros anyways. I've attached debug output >> > > The debug output didn't make it through; I guess it was too big. Use a > pastebin, or put it inline in the email? > > this is the short view: ++[preprocess] return

Re: Removing domain prefix from login

On 11/11/2011 07:46 AM, Alejandro Gandara wrote: I got erros anyways. I've attached debug output The debug output didn't make it through; I guess it was too big. Use a pastebin, or put it inline in the email? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Removing domain prefix from login

On 11/10/2011 10:06 PM, Alan Buxey wrote: Hi, As per the docs. This config item should not be used, and is causing things to break. umm, wasnt there a discussion recently in which with_ntdomain_hack = yes was going to be set by default in FR 3.x ? That was the option on the mschap module.

Re: Removing domain prefix from login

Hi, > As per the docs. This config item should not be used, and is causing > things to break. umm, wasnt there a discussion recently in which with_ntdomain_hack = yes was going to be set by default in FR 3.x ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h

Re: Removing domain prefix from login

On 10/11/11 16:53, Alejandro Gandara wrote: # This configuration entry SHOULD NOT be used. # See the "realms" module for a better way to handle # NT domains. with_ntdomain_hack = yes ^^^ As per the docs. This config item should not be used, and is causing things to break. Set this back to

Re: Removing domain prefix from login

2011/11/10 Phil Mayers > Ok, your debug says: > > rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21, > length=218 >Framed-MTU = 1480 >NAS-IP-Address = 172.20.40.11 >NAS-Identifier = "SW-Priv-1-1" > >User-Name = "OPTARE\\brouco" > > # Executin

Re: Removing domain prefix from login

Ok, your debug says: rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21, length=218 Framed-MTU = 1480 NAS-IP-Address = 172.20.40.11 NAS-Identifier = "SW-Priv-1-1" User-Name = "OPTARE\\brouco" # Executing section authorize from file /etc/fre

Re: Removing domain prefix from login

2011/11/10 Alan Buxey > Hi, > > > rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21, > length=218 > > > > User-Name = "OPTARE\\brouco" > > I know this, thats why i need try to remove this prefix. At first i thought i could do with module/realm. But I didnt get good re

Re: Removing domain prefix from login

Hi, > rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21, > length=218 > User-Name = "OPTARE\\brouco" all okaybut then: > # Executing section authorize from file /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns

Re: Removing domain prefix from login

2011/11/10 Phil Mayers > On 10/11/11 08:15, Alejandro Gandara wrote: > >> Hi Alan, >> >> Thanks for your answers and excuse me for my english fill of mistakes. >> >> 2011/11/10 Alan DeKok > > >> >> >>Alejandro Gandara wrote: >> > I'm authenticating use

Re: Removing domain prefix from login

On 10/11/11 08:15, Alejandro Gandara wrote: Hi Alan, Thanks for your answers and excuse me for my english fill of mistakes. 2011/11/10 Alan DeKok mailto:al...@deployingradius.com>> Alejandro Gandara wrote: > I'm authenticating users in RADIUS against LDAP, if I login from > compu

Re: Removing domain prefix from login

Thanks for your answer. I think I've changed the following things to try to remove DOMAIN: ./modules/preprocess: with_ntdomain_hack = yes ./modules/mschap:with_ntdomain_hack = yes ./eap.conf: with_ntdomain_hack = yes I hope this could help, If you know more information I cou

Re: Removing domain prefix from login

Alejandro Gandara wrote: > This is my debug output: Well... you deleted a lot of the default configuration. It now doesn't work. I'm not sure why. Use the default configuration. It works. Change as little as possible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freer

Re: Removing domain prefix from login

Hi Alan, Thanks for your answers and excuse me for my english fill of mistakes. 2011/11/10 Alan DeKok > Alejandro Gandara wrote: > > I'm authenticating users in RADIUS against LDAP, if I login from > > computer with 802.1x configured and users and password taken from domain > > automatic. Im ge

Re: Removing domain prefix from login

Alejandro Gandara wrote: > I'm authenticating users in RADIUS against LDAP, if I login from > computer with 802.1x configured and users and password taken from domain > automatic. Im getting wrong authenticated because the login has the > following chain. > > DOMAIN\\Users > > How can i avoid tha

Re: Removing domain prefix from login

Hi, >I'm authenticating users in RADIUS against LDAP, if I login from computer >with 802.1x configured and users and password taken from domain automatic. >Im getting wrong authenticated because the login has the following chain. > >DOMAIN\\Users > >How can i avoid that radius

Removing domain prefix from login

I'm authenticating users in RADIUS against LDAP, if I login from computer with 802.1x configured and users and password taken from domain automatic. Im getting wrong authenticated because the login has the following chain. DOMAIN\\Users How can i avoid that radius read the prefix? I've tried to