NTLM Auth Help

Rupert Finnigan rupert.finnigan at googlemail.com
Tue Jun 2 22:23:31 CEST 2009


Hi,


2009/6/2 <A.L.M.Buxey at lboro.ac.uk>

>
>  ah! multiple remote domains - not in a forest of trust?
>

All in the same Forest & Tree, yes - but it still appears to be unhappy as
it can't work out which domain the $PCNAME$ machine lives in.


>
> > I can't really see any way to resolve this, other than modifying the
> > ntlm_auth line based on some unlang logic to cut out the uk, us, and au
> > bit from the "X.mycompany.local" supplied domain name in the "host/"
> > username. Is this even possible though??
>
> that could work....hmm something along the lines of
>
> if (%{User-Name} =~ /.domain.wanted/) {
>   ntlm_auth blah blah --domain DOMAINWANTED
> }
>
> etc etc so ntlm_auth gets fired off with the right stuff...no playing
> with User-Name


Sounds good - I'll give this logic a go... Where best to place this bit of
Unlang? In the inner-tunnel Authorization stanza, before ms-chap? Would I
need to repeat in the Authentication MS-CHAP bit too, or does it get set at
the beginning of the "request session" and follow all the way through?
Suppose I could just get on and try it out!

Many thanks for your help.

Rupert
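
The domain-selection logic discussed in this thread, as an added Python illustration (not part of the original message and not FreeRADIUS configuration). It assumes machine names arrive as "host/PCNAME.<uk|us|au>.mycompany.local"; the domain values on the right of the mapping and the function names are placeholders. The supplied name is matched in full against a fixed pattern and an allowlist, so nothing else from the client-supplied User-Name reaches the ntlm_auth command line.

```python
import re

# Assumed mapping from the DNS label in the machine name to the value
# passed to ntlm_auth --domain. The right-hand values are placeholders.
DOMAIN_BY_LABEL = {"uk": "UK", "us": "US", "au": "AU"}

# host/<pcname>.<label>.mycompany.local
# The pcname is limited to NetBIOS-safe characters and 15 characters.
_HOST_RE = re.compile(
    r"host/(?P<pc>[A-Za-z0-9-]{1,15})\.(?P<label>[A-Za-z]{2})\.mycompany\.local",
    re.IGNORECASE,
)


def split_machine_name(user_name):
    """Return (pcname, domain) for a host/ User-Name.

    Returns None when the name does not have the expected form or the
    label is not in the allowlist, so the caller can reject the request
    instead of guessing a domain.
    """
    # fullmatch: no trailing newline or extra arguments may follow the name
    m = _HOST_RE.fullmatch(user_name)
    if m is None:
        return None
    domain = DOMAIN_BY_LABEL.get(m.group("label").lower())
    if domain is None:
        return None
    return m.group("pc"), domain


def domain_arg(user_name):
    """Build the --domain argument for ntlm_auth, or None to reject."""
    parts = split_machine_name(user_name)
    if parts is None:
        return None
    return "--domain=" + parts[1]


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ("host/PC01.uk.mycompany.local",
                 "host/PC01.de.mycompany.local",
                 "host/PC01.uk.mycompany.local --domain=X"):
        print(repr(name), "->", domain_arg(name))
```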