[ale] Freeradius, MSCHAP, and Active Directory

James Sumners james.sumners at gmail.com
Thu Feb 26 12:33:56 EST 2015


The #freeradius channel is less than helpful, and I'm not keen on the
responses I see in the users mailing list (plus I don't want to sign up for
yet another one). So I'm hoping someone on this list has the answer I need:

I'm setting up a Freeradius server that authenticates supplicants against
an Active Directory system. I have ntlm_auth working, and I can authenticate
via Freeradius. So, if I have a user "Jane Doe" with a username "jdoe" then
a typical Windows auth request will succeed. That is, the username
"foobar\jdoe" will be split into "domain = foobar" and "username = jdoe",
and the ntlm_auth will work just fine.

However, when I have a user like "Tom Doe" with a username like "tdoe" then
Windows will send "foobar\tdoe" as the username. When I watch the
Freeradius debug output I can see in the mschap processing that it gets a
username "foobar    doe" sent to it. That clearly won't work.

Does anyone know how to prevent Freeradius from mangling the name by
interpreting escape sequences?

-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (band page)
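
The behaviour described in the message, modelled as an added example (not code from the original post or from FreeRADIUS): a string parser that interprets backslash escapes leaves "foobar\jdoe" alone but turns "foobar\tdoe" into a tab-separated string, so the domain/user split no longer finds a backslash. The escape set in `ESCAPES` and the function names are assumptions made for this illustration; `audit` lists which account names in a directory would be affected.

```python
# Added illustration; not FreeRADIUS code. ESCAPES is an assumed set of
# C-style sequences that an expanding string parser might interpret.
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "\\": "\\"}

def unescape(s):
    """Model a parser that interprets backslash escapes; unknown ones pass through."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s) and s[i + 1] in ESCAPES:
            out.append(ESCAPES[s[i + 1]])   # "\t" becomes a real tab
            i += 2
        else:
            out.append(s[i])                # "\j" stays as backslash + j
            i += 1
    return "".join(out)

def split_nt_name(raw):
    """Split DOMAIN\\user on the first backslash of the value as received."""
    domain, sep, user = raw.partition("\\")
    return (domain, user) if sep else (None, raw)

def audit(names, domain="foobar"):
    """Return the account names whose DOMAIN\\user form changes under unescape()."""
    at_risk = []
    for name in names:
        raw = f"{domain}\\{name}"
        if split_nt_name(unescape(raw)) != split_nt_name(raw):
            at_risk.append(name)
    return at_risk

if __name__ == "__main__":
    # Constructed sample accounts; jdoe and tdoe are the two from the message.
    sample = ["jdoe", "tdoe", "nsmith", "rlee", "asmith"]
    for n in sample:
        raw = f"foobar\\{n}"
        mangled = unescape(raw)
        print(f"{raw!r:16} -> {mangled!r:16} {split_nt_name(mangled)}")
    print("at risk:", audit(sample))
```
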