Closed dandanpena closed 2 years ago
The expansions %{mschap:NT-Domain}
expansion gets the NT domain, e.g. NTDOMAIN\user
. It doesn't get the domain name, e.g. user@example.com
.
If you want to use both, see the file mods-available/realms
, and the proxy.conf
file. You can configure NTDOMAIN
and example.com
as both local realms. Then also uncomment ntdomain
in sites-available/default
.
The server will split the User-Name
into a Stripped-User-Name
portion, and a Realm
portion. And you won't need to use %{mschap:NT-Domain}
.
In short, the server is worked as documented, and as intended. If you want different behavior, there are simple ways to get that behavior.
Hi Alan,
I already use both NTDOMAIN and SUFFIX uncommented. For some reason, SUFFIX sets realm only, NTDOMAIN sets realm and NT-Domain So, if my users put their username as @.***, I get that error.
maybe it 's mschap... even if I set MPDFTMPBR as default in that expansion as you may see in logs
Em qui., 5 de mai. de 2022 às 04:01, Alan DeKok @.***> escreveu:
The expansions %{mschap:NT-Domain} expansion gets the NT domain, e.g. NTDOMAIN\user. It doesn't get the domain name, e.g. @.***
If you want to use both, see the file mods-available/realms, and the proxy.conf file. You can configure NTDOMAIN and example.com as both local realms. Then also uncomment ntdomain in sites-available/default.
The server will split the User-Name into a Stripped-User-Name portion, and a Realm portion. And you won't need to use %{mschap:NT-Domain}.
In short, the server is worked as documented, and as intended. If you want different behavior, there are simple ways to get that behavior.
— Reply to this email directly, view it on GitHub https://github.com/FreeRADIUS/freeradius-server/issues/4491#issuecomment-1118234270, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANUMQAAQR4XNFVK66WG3W33VINW4NANCNFSM5VCV4Z3A . You are receiving this because you authored the thread.Message ID: @.***>
What type of defect/bug is this?
Unexpected behaviour (obvious or verified by project member)
How can the issue be reproduced?
Log message works when using username pattern DOMAIN\user, but if username has pattern like user@domain.com or just user wrong message is sent to log file.
note that I used a default value for NT-Domain not set %{%{mschap:NT-Domain}:-MPDFTMPBR} I understand debug message "mschap: ERROR: No NT-Domain was found in the User-Name" because user name is in fact missing nt domain, but as I configured MPDFTMPBR as default value, log message should write correct output for mschap.
Log output from the FreeRADIUS daemon
Relevant log output from client utilities
No response
Backtrace from LLDB or GDB
No response