Michael,

Unfortunately, the "with_ntdomain_hack" will indeed break proper eap checking. There is another way to accomplish what you're wanting though while keeping the security that patch provides. Instead of using with_ntdomain_hack, try this.

If you're just wanting to completely discard the domain portion, try setting the hints file with the following:

DEFAULT Prefix = "<YOUR_DOMAIN>\", Strip-User-Name = Yes
        Hint = <YOUR_DOMAIN>

Then you can use the Stripped-User-Name attribute in your authorization checks. This will also leave the original User-Name attribute alone, so it will match the EAP Identity (as it should).

If, on the other hand, you're wanting to know the domain, try setting up prefix realms to match the domains and use the \ character as the delimiter. This way, you will also have the Stripped-User-Name attribute to check on as above while leaving the original User-Name as is (and therefore matching the EAP Identity).

It's better to work with the security code than to remove it. :)

--
--Mike
----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas

On Fri, 2004-01-16 at 17:32, Michael Gernoth wrote:
> The report was from a CVS checkout this morning. I just did a
> cvs update and recompiled, but it did not solve the problem.
> When looking at eap.c, your patch from November is already
> applied.
>
> After commenting the offending part out (and fixing PEAP), I
> get authenticated...
> Below is what I did to get it working.
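Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the three approaches discussed above, showing which ones keep User-Name equal to the EAP Identity. The "EAP-Identity" dictionary key, the EXAMPLE domain, the function names and the exact-match comparison are assumptions made for illustration.

```python
# Simplified model (constructed for illustration), not FreeRADIUS source.
# A request is a dict of attributes; "EAP-Identity" is a hypothetical key
# standing in for the identity carried in the EAP Identity response.

def eap_identity_matches(request):
    """Model of the check: User-Name must equal the EAP Identity."""
    return request["User-Name"] == request["EAP-Identity"]

def ntdomain_hack(request):
    """Model of with_ntdomain_hack: the domain is cut out of User-Name itself."""
    out = dict(request)
    out["User-Name"] = out["User-Name"].split("\\", 1)[-1]
    return out

def hints_strip(request, domain):
    """Model of the hints entry: a matching prefix adds Stripped-User-Name
    and Hint, and User-Name is left untouched."""
    out = dict(request)
    prefix = domain + "\\"
    if out["User-Name"].startswith(prefix):
        out["Stripped-User-Name"] = out["User-Name"][len(prefix):]
        out["Hint"] = domain
    return out

def prefix_realm(request, delimiter="\\"):
    """Model of a prefix realm: split on the delimiter into Realm and
    Stripped-User-Name, and User-Name is left untouched."""
    out = dict(request)
    realm, sep, user = out["User-Name"].partition(delimiter)
    if sep and realm and user:
        out["Realm"] = realm
        out["Stripped-User-Name"] = user
    return out

def make_request(identity):
    """Constructed sample request: the supplicant sends the same identity
    as User-Name and as its EAP Identity."""
    return {"User-Name": identity, "EAP-Identity": identity}

def demo():
    """Return {approach: (identity check passes, name used for authorization)}."""
    req = make_request("EXAMPLE\\alice")
    outcomes = {"ntdomain_hack": ntdomain_hack(req),
                "hints": hints_strip(req, "EXAMPLE"),
                "prefix_realm": prefix_realm(req)}
    return {name: (eap_identity_matches(r),
                   r.get("Stripped-User-Name", r["User-Name"]))
            for name, r in outcomes.items()}

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

All three approaches hand the authorization step the bare user name, but only the two that write to Stripped-User-Name keep the identity check passing.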