FreeRadius 3 and groups

edited June 2022 in General
I have configured MultiOTP 5.8.2.1 and FreeRadius 3 for a firewall access, and it's working fine for my test user. However, when I assign a group to the user, and I receive a reject: (0) multiotpmschap: Program returned code (0) and output 'Filter-Id += "xyz",NT_KEY: 087A06B8319E21E207111468C19E1F0A ' (0) multiotpmschap: ERROR: Invalid output from ntlm_auth: expecting 'NT_KEY: ' prefix (0) multiotpmschap: ERROR: MS-CHAP2-Response is incorrect The following are set: multiotp -config group-attribute="Filter-Id" multiotp -config ldap-in-group="xyz" multiotp -set user group="xyz" There are posts suggesting that the response from MultiOTP ('Filter-Id += "xyz",NT_KEY: 087A06B8319E21E207111468C19E1F0A ') is not valid for FreeRadius 3, but may have worked with FreeRadius 2. Any workarounds? Thanks.

Comments

  • Hello, The new option -nt-key-only has been added, and the FreeRADIUS 3 configuration has been modified in order to use this new option with MS-CHAP (group attribution is not returned by the FreeRADIUS 3 anymore when using MS-CHAP). Workaround if you want the group attribution to be returned: use the Perl authentication wrapper instead.
This discussion has been closed.