NTLM Auth Help

Rupert Finnigan rupert.finnigan at googlemail.com
Thu Jun 4 21:57:05 CEST 2009


Hi All,

After a bit of investigation and playing, I've made some changes to the
rlm_mschap module that seems to have fixed my problem. It now no longer
"trims" the machine authentication domain name, and so based on the
ntlm_auth line from Alan DeKok's How-To on deployingradius.org will handle
both machine and user authentication from any Windows supplicant doing PEAP
from any domain or child domain on my network. In theory, this should be
applicable to all other MS Windows AD environments, regardless of their
internal naming structure. Obviously, although with makes theoretical sense
and works for my environment, it needs more testing...

I've attached a patch based on the diff of my two source files.

Many thanks to Alan Buxey and John Dennis for your help.

Rupert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090604/50ca4251/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rlm_mschap.patch
Type: application/octet-stream
Size: 450 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090604/50ca4251/attachment.obj>


More information about the Freeradius-Users mailing list