On Feb 19, 2009, at 11:11 AM, Tomas wrote:
Do I need to change my modules/mschap config? Currently I have: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=% {Stripped-User-Name:-%{User-Name:-None}} --challenge=% {mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
As Ivan eluded to earlier, you need to use '--username=%{mschap:User- Name}' in your ntlm_auth command-line. The mschap module automagically turns 'host/PC1.ad.lab.com' into 'PC1$', (the username that AD uses to authenticate the machine). You may also need to specify the domain with '--domain=%{mschap:NT-Domain}'. Mike Loosbrock Bethel University Network Services 651-638-6723 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html