> These look like MS-CHAP machine-auth usernames; have you > considered using: > > %{mschap:User-Name} > %{mschap:NT-Domain} > > The mschap module has special handling for host/ names, and > these will > expand: > > host/name.domain.com > > to: > > name$ > domain.com > > The trailing dollar sign on the hostname is intentional; SAM account > names for machines conventionally end in $ in windows.
I'm aware of all of this. The problem is, it doesn't seem to be actually working. Here's the ntlm_auth command I'm using: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Note use of "%{mschap:User-Name}" and "%{mschap:NT-Domain}". Despite this, "host/computer.domain" login attempts always fail. Hence, trying to do the translation manually via a regex and update clauses. --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html