"Dourty, Brian R. (IATS)" <[EMAIL PROTECTED]> wrote: > To clarify things here, the --domain and --username arguments are right, > but the --challenge argument is incorrect.
Ah, OK. > The username being used in this function still contains the DOMAIN! This > is what is keeping the auth from working. I've added debug statements to > my code. Its using the domain/user. This won't work. Then the "with_ntdomain_hack" should be set... > I can't change the client. I can change freeradius. The client presents > freeradius with a domain/username. We all know that is the case. Yes, that's a problem. The client is *lying* to FreeRADIUS. > The challenge and nt-response are both hashes based in part on the > username. The username that freeradius uses when it generates these > hashes is the full username, not the stripped username. This is what is > causing my problem. > > Now, the question is how to go about fixing the problem. Theoretically, using "with_ntdomain_hack" should help. Hmm... the code you pointed out does appear to ignore "with_ntdomain_hack". I'll fix that. See tomorrow's CVS snapshot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html