[strongSwan] Authentication against Linux Users

Tobias Brunner tobias at strongswan.org
Wed May 16 10:57:37 CEST 2018

Hi Pete,

> I am trying to get NTLM hashes stored in LDAP to be authenticated via eap-radius.  However, when I connect a Windows client (7 or 10), I see this type of failure in the freeradius logs:
>      radius3 freeradius[23803]: Login Incorrect: [\\300\\250z+/] from client vpn01 (mac=, cli=[IP deleted][4500], port=ikev2-mschapv2)
> An incorrect login would normally have the form of:
>      Login Incorrect: [username/badpassword]
> Any idea why Windows (or Strongswan) is sending garbage for the username/password?

Nope (you asked that a while ago already).  With eap-radius strongSwan
simply forwards EAP messages between client and RADIUS server, so you
might want to debug FreeRADIUS ([1], [2]) to see more about what happens
and/or ask on the FreeRADIUS mailing list about this.


[1] https://freeradius.org/radiusd/man/radiusd.html
[2] https://freeradius.org/radiusd/man/raddebug.html

More information about the Users mailing list