> These look like MS-CHAP machine-auth usernames; have you
> considered using:
>
> %{mschap:User-Name}
> %{mschap:NT-Domain}
>
> The mschap module has special handling for host/ names, and
> these will
> expand:
>
> host/name.domain.com
>
> to:
>
> name$
> domain.com
>
> The trailing dollar sign on the hostname is intentional; SAM account
> names for machines conventionally end in $ in windows.
I'm aware of all of this. The problem is, it doesn't seem to be actually
working. Here's the ntlm_auth command I'm using:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name}
--domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Note use of "%{mschap:User-Name}" and "%{mschap:NT-Domain}". Despite this,
"host/computer.domain" login attempts always fail. Hence, trying to do the
translation manually via a regex and update clauses.
--J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
