[strongSwan] Authentication against Linux Users
tobias at strongswan.org
Wed May 16 10:57:37 CEST 2018
> I am trying to get NTLM hashes stored in LDAP to be authenticated via eap-radius. However, when I connect a Windows client (7 or 10), I see this type of failure in the freeradius logs:
> radius3 freeradius: Login Incorrect: [\\300\\250z+/] from client vpn01 (mac=, cli=[IP deleted], port=ikev2-mschapv2)
> An incorrect login would normally have the form of:
> Login Incorrect: [username/badpassword]
> Any idea why Windows (or Strongswan) is sending garbage for the username/password?
Nope (you asked that a while ago already). With eap-radius strongSwan
simply forwards EAP messages between client and RADIUS server, so you
might want to debug FreeRADIUS (, ) to see more about what happens
and/or ask on the FreeRADIUS mailing list about this.
More information about the Users