Dick
2005-Oct-02 13:52 UTC
[Samba] ntlm_auth with freeradius doesn't work when windows is automatically using the current username+password
Hi all,
I've configured FreeRADIUS for PEAP and I'm forwarding the NTLM authentication to our Windows Active Directory.
I'm using the following script to proxy the MSCHAPv2 NTLM credentials:
/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 >> /tmp/log << @EOF
Username: ${1/NTDOMAIN01\\\\}
Full-Username: ${1}
LANMAN-Challenge: ${2}
NT-Response: ${3}
.
@EOF
(This doesn't work for FreeRADIUS yet, but I'm doing this for the logging data)
When I'm instructing the Windows supplicant to use the current credentials I get the following error:
NTDOMAIN01\\eeto003 0c21e86b0baca9ea
7d7fe615f7d0d1a942e9c0ffb9a619b1be78ebf508e089d2
Authenticated: No
Authentication-Error: Wrong Password
.
When I tell Windows to ask for my credentials and enter the username + password + domain it works:
Authenticated: Yes
.
Could someone please tell me what I might be doing wrong?
Is it 'normal' that I can't omit the Username (when the Full-Username is supplied)?
TIA
Dick
Andrew Bartlett
2005-Oct-03 04:17 UTC
[Samba] ntlm_auth with freeradius doesn't work when windows is automatically using the current username+password
On Sun, 2005-10-02 at 13:37 +0000, Dick wrote:
> Hi all,
>
> I've configured FreeRADIUS for PEAP and I'm forwarding the NTLM authentication
> to our Windows Active Directory.

> Is it 'normal' that I can't omit the Username (when the Full-Username is
> supplied)?

You should have either 'Domain:' and 'Username:' or 'Full-Username', but not both. That's how it was intended to work, but frankly I'm not surprised if I left bugs in there, and am happy to work on fixing this up.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
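Added example, not part of either message and not Samba's own code: a wrapper function that emits an ntlm-server-1 request with either the domain and user name or Full-Username, never both, as the reply above describes. The function name and sample values are constructed; the domain line uses NT-Domain, the parameter name listed in the ntlm_auth manual page, where the reply writes 'Domain:'.

```shell
#!/bin/sh
# build_ntlm_request NAME CHALLENGE_HEX NT_RESPONSE_HEX   (hypothetical helper)
#   NAME of the form 'DOMAIN\user' is split into NT-Domain + Username;
#   any other NAME is passed whole as Full-Username. Never emits both forms.
build_ntlm_request() {
    name=$1 chal=$2 resp=$3

    # The helper protocol is line-based: a newline or CR inside the name
    # would add lines to the request, so reject control characters.
    case $name in
        ''|*[[:cntrl:]]*) echo "bad user name" >&2; return 1 ;;
    esac
    # Challenge is 8 bytes and NT response 24 bytes, both hex-encoded.
    case $chal in *[!0-9A-Fa-f]*) echo "bad challenge" >&2; return 1 ;; esac
    case $resp in *[!0-9A-Fa-f]*) echo "bad NT response" >&2; return 1 ;; esac
    [ "${#chal}" -eq 16 ] || { echo "bad challenge length" >&2; return 1; }
    [ "${#resp}" -eq 48 ] || { echo "bad NT response length" >&2; return 1; }

    case $name in
        *\\*)
            domain=${name%%\\*}   # text before the first backslash
            user=${name#*\\}      # text after the first backslash
            printf 'NT-Domain: %s\nUsername: %s\n' "$domain" "$user"
            ;;
        *)
            printf 'Full-Username: %s\n' "$name"
            ;;
    esac
    printf 'LANMAN-Challenge: %s\nNT-Response: %s\n.\n' "$chal" "$resp"
}

# Constructed sample values (not taken from the thread).
SAMPLE_CHAL=0011223344556677
SAMPLE_RESP=00112233445566778899aabbccddeeff0011223344556677

# Print the request; in a real wrapper this would be piped to
#   /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
build_ntlm_request 'EXAMPLE\alice' "$SAMPLE_CHAL" "$SAMPLE_RESP"
```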