Removed PacketFence-NTLMv2-Only in mschap.conf

inverse-inc · Apr 22, 2024 · 67ff6ce · 67ff6ce
1 parent c042d0a
commit 67ff6ce
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/conf/radiusd/mschap.conf.example b/conf/radiusd/mschap.conf.example
@@ -243,7 +243,7 @@ mschap chrooted_mschap {
     # Call ntlm_auth through the logging wrapper. Make sure to preserve the -- separator to distinguish between
     # the args to the wrapper and those to the ntlm_auth executable itself
     ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 
 	# The default is to wait 10 seconds for ntlm_auth to
 	# complete.  This is a long time, and if it's taking that
@@ -386,7 +386,7 @@ mschap chrooted_mschap_machine {
 
         require_strong = yes
         ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-             --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+             --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 
 
         allow_retry = no
@@ -399,7 +399,7 @@ mschap mschap_machine {
         require_encryption = yes
         require_strong = yes
         ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-             --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+             --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
         allow_retry = no
 	ntlm_auth_timeout = 3
 }

diff --git a/raddb/mods-config/perl/packetfence-multi-domain.pm b/raddb/mods-config/perl/packetfence-multi-domain.pm
@@ -81,7 +81,6 @@ sub authorize {
 
     #use Data::Dumper;
     #&radiusd::radlog($RADIUS::L_INFO, Dumper($realm));
-    $RAD_REQUEST{"PacketFence-NTLMv2-Only"} = '';
     $RAD_REQUEST{"PacketFence-NTLM-Auth-Host"} = '';
     $RAD_REQUEST{"PacketFence-NTLM-Auth-Port"} = '';
 
@@ -90,7 +89,6 @@ sub authorize {
         $RAD_REQUEST{"PacketFence-Domain"} = $realm_config->{domain};
         $RAD_REQUEST{"PacketFence-NTLM-Auth-Host"} = $multi_domain_constants::ConfigDomain{$realm_config->{domain}}->{ntlm_auth_host};
         $RAD_REQUEST{"PacketFence-NTLM-Auth-Port"} = $multi_domain_constants::ConfigDomain{$realm_config->{domain}}->{ntlm_auth_port};
-        $RAD_REQUEST{"PacketFence-NTLMv2-Only"} = '';
     }