[strongSwan] Authentication against Linux Users
Tobias Brunner
tobias at strongswan.org
Wed May 16 10:57:37 CEST 2018
Hi Pete,
> I am trying to get NTLM hashes stored in LDAP to be authenticated via eap-radius. However, when I connect a Windows client (7 or 10), I see this type of failure in the freeradius logs:
>
> radius3 freeradius[23803]: Login Incorrect: [\\300\\250z+/] from client vpn01 (mac=, cli=[IP deleted][4500], port=ikev2-mschapv2)
>
> An incorrect login would normally have the form of:
>
> Login Incorrect: [username/badpassword]
>
> Any idea why Windows (or Strongswan) is sending garbage for the username/password?
Nope (you asked that a while ago already). With eap-radius strongSwan
simply forwards EAP messages between client and RADIUS server, so you
might want to debug FreeRADIUS ([1], [2]) to see more about what happens
and/or ask on the FreeRADIUS mailing list about this.
Regards,
Tobias
[1] https://freeradius.org/radiusd/man/radiusd.html
[2] https://freeradius.org/radiusd/man/raddebug.html
More information about the Users
mailing list