From 67ff6ce23ba06ec992a8e2c828687c1476583cd9 Mon Sep 17 00:00:00 2001
From: Durand Fabrice
Date: Mon, 22 Apr 2024 15:44:21 -0400
Subject: [PATCH] Removed PacketFence-NTLMv2-Only in mschap.conf
---
 conf/radiusd/mschap.conf.example | 6 +++---
 raddb/mods-config/perl/packetfence-multi-domain.pm | 2 --
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/conf/radiusd/mschap.conf.example b/conf/radiusd/mschap.conf.example
index 595e4c2f6380..3a0a75c0ca73 100644
--- a/conf/radiusd/mschap.conf.example
+++ b/conf/radiusd/mschap.conf.example
@@ -243,7 +243,7 @@ mschap chrooted_mschap {
 # Call ntlm_auth through the logging wrapper. Make sure to preserve the -- separator to distinguish between
 # the args to the wrapper and those to the ntlm_auth executable itself
 ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 # The default is to wait 10 seconds for ntlm_auth to
 # complete. This is a long time, and if it's taking that
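Review bot: Dropping `%{PacketFence-NTLMv2-Only}` from this `ntlm_auth` line, and from the same line in the `chrooted_mschap_machine` and `mschap_machine` hunks, leaves nothing in the config or the commit message that says why a per-domain NTLMv2 setting no longer reaches ntlm_auth. Both removed Perl assignments in this patch set the attribute to an empty string, so the expansion looks like it was already a no-op, but an operator auditing NTLMv1/NTLMv2 policy cannot tell that from the file. I would add a comment above the line such as `# No per-domain flags are appended after --nt-response; NTLM version policy is not set on this command line.` The `chrooted_mschap` block starts and ends outside the hunk.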
@@ -386,7 +386,7 @@ mschap chrooted_mschap_machine {
 require_strong = yes
 ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 allow_retry = no
@@ -399,7 +399,7 @@ mschap mschap_machine {
 require_encryption = yes
 require_strong = yes
 ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p [% statsd_port %] -a %{PacketFence-NTLM-Auth-Host} -t %{PacketFence-NTLM-Auth-Port} -- \
-         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} %{PacketFence-NTLMv2-Only}"
+         --request-nt-key --mac=%{%{Calling-Station-Id}:-''} --username=%{%{control:AD-Samaccountname}:-%{mschap:User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
 allow_retry = no
 ntlm_auth_timeout = 3
 }
diff --git a/raddb/mods-config/perl/packetfence-multi-domain.pm b/raddb/mods-config/perl/packetfence-multi-domain.pm
index 3194af682315..bf6f7d40ab26 100644
--- a/raddb/mods-config/perl/packetfence-multi-domain.pm
+++ b/raddb/mods-config/perl/packetfence-multi-domain.pm
@@ -81,7 +81,6 @@ sub authorize {
 #use Data::Dumper;
 #&radiusd::radlog($RADIUS::L_INFO, Dumper($realm));
- $RAD_REQUEST{"PacketFence-NTLMv2-Only"} = '';
 $RAD_REQUEST{"PacketFence-NTLM-Auth-Host"} = '';
 $RAD_REQUEST{"PacketFence-NTLM-Auth-Port"} = '';
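Review bot: In the `-81` hunk of packetfence-multi-domain.pm, `PacketFence-NTLM-Auth-Host` and `PacketFence-NTLM-Auth-Port` are still initialised to `''`, and the `-90` hunk fills them straight from `$multi_domain_constants::ConfigDomain{$realm_config->{domain}}` without checking that the entry or its `ntlm_auth_host`/`ntlm_auth_port` keys are defined. The `ntlm_auth` lines in mschap.conf.example expand both attributes after `-a` and `-t` with no `:-` fallback, so an unmatched realm or an incomplete domain entry would presumably run the wrapper with an empty host and port; how the wrapper reacts to that is not visible here. I would make the case explicit before the assignments, e.g. `my $dom = $multi_domain_constants::ConfigDomain{$realm_config->{domain}};` followed by `&radiusd::radlog($RADIUS::L_INFO, "no ntlm_auth host/port for domain $realm_config->{domain}") unless defined $dom && defined $dom->{ntlm_auth_host} && defined $dom->{ntlm_auth_port};`, and have the request fail at that point rather than fall through to the mschap module. The body of `authorize` starts and ends outside both hunks, so an existing guard elsewhere in the function cannot be ruled out.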
@@ -90,7 +89,6 @@ sub authorize {
 $RAD_REQUEST{"PacketFence-Domain"} = $realm_config->{domain};
 $RAD_REQUEST{"PacketFence-NTLM-Auth-Host"} = $multi_domain_constants::ConfigDomain{$realm_config->{domain}}->{ntlm_auth_host};
 $RAD_REQUEST{"PacketFence-NTLM-Auth-Port"} = $multi_domain_constants::ConfigDomain{$realm_config->{domain}}->{ntlm_auth_port};
- $RAD_REQUEST{"PacketFence-NTLMv2-Only"} = '';
 }