On Thu, Aug 26, 2004 at 01:37:10PM -0400, Alan DeKok wrote:
> > If I disable with_nt_domain_hack in preprocess, it passes the username
> > on to ntlm_auth as DOMAIN\user, which fails.  I would like the mschap
> > module to strip the domain right before it sends it to ntlm_auth.  That
> > sounds like what eap's with_ntdomain_hack should do, but that doesn't appear
> > to be working.
> 
>   You can set up an "ntdomain" realm, or:
> 
>  ntlm_auth = "/path/to/ntlm_auth --username=%{mschap:User-Name}"
> 
>   which will do the stripping of the domain name by itself.
> 
>   And no, it isn't documented anywhere.  It should be.

That seems to be working.  I haven't set up a realm because I'm not sure
how that works in an environment where I'm not really proxying to
another host.  Maybe I'll set that up on a testbed box, but for now the
%{mschap:User-Name} trick works.  Thanks for the prompt response,

Dave

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
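
The setting discussed in this thread, written out as a full mschap module entry. This is an added example, not configuration posted by either participant. /path/to/ntlm_auth is the placeholder from the thread, and the --request-nt-key, --challenge and --nt-response arguments with their %{mschap:...} expansions are assumptions taken from the usual form of this line; they do not appear in the messages above.

```conf
mschap {
    # Before: the name reaches ntlm_auth exactly as the client sent it,
    # for example DOMAIN\user, and the lookup fails as described above.
    #
    # ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

    # After: %{mschap:User-Name} expands to the user part only, so
    # ntlm_auth receives "user" rather than "DOMAIN\user". No ntdomain
    # realm and no with_ntdomain_hack in preprocess are needed for this.
    ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
```

Running the server in debug mode (radiusd -X) shows the expanded ntlm_auth command line, which confirms that the domain prefix is gone before the helper is executed.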
