Michael Griego <[EMAIL PROTECTED]> wrote: > > You should be > > Jim Seymour wrote: > > Willem Eradus <[EMAIL PROTECTED]> wrote: > >> > >># > >>#with_ntdomain_hack = no > > > > > > I tried that. Made no discernable difference. > > Be sure you're using the with_ntdomain_hack in the mschap module > configuration, NOT the one in the preprocess module configuration.
Tried one, the other, and both. Using separate creds in 'doze, I get this in the -X output: rlm_passwd: Added LM-Password: 'users LM password' to config_items rlm_passwd: Added NT-Password: 'users NT password' to config_items rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items rlm_passwd: Adding "Auth-Type = MS-CHAP" modcall[authorize]: module "etc_smbpasswd" returns ok for request 0 Using WinXP's login info, I see none of that. Instead I get: modcall[authorize]: module "etc_smbpasswd" returns notfound for request 0 Next test: I reconfigured the XP box for separate, manually-entered creds again, entered a correct username, but invalid password. Again I got: rlm_passwd: Added LM-Password: 'users LM password' to config_items rlm_passwd: Added NT-Password: 'users NT password' to config_items rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items rlm_passwd: Adding "Auth-Type = MS-CHAP" modcall[authorize]: module "etc_smbpasswd" returns ok for request 0 So clearly that output indicates a successful username match, and just as clearly, setting "with_ntdomain_hack = yes" in the mschap module does not strip the leading "GARBAGE\" stuff. Ghod I just love 'doze :/ Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.linxnet.com/scform.php>. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html