On Thu, Aug 26, 2004 at 01:37:10PM -0400, Alan DeKok wrote: > > If I disable with_nt_domain_hack in preprocess, it passes the username > > on to ntlm_auth as DOMAIN\user, which fails. I would like the mschap > > module to strip the domain right before it sends it to ntlm_auth. That > > sounds like eap's with_ntdomain_hack should do, but that doesn't appear > > to be working. > > You can set up an "ntdomain" realm, or: > > ntlm_auth = "/path/to/ntlm_auth --username=%{mschap:User-Name} > > which will do the stripping of the domain name by itself. > > And no, it isn't documented anywhere. It should be.
That seems to be working. I haven't setup a realm because I'm not sure how that works in an environment where I'm not really proxying to another host. Maybe I'll set that up on a testbed box, but for now the %{mschap:User-Name} trick works. Thanks for the prompt response, % %Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html