The last piece of the puzzle - XP host authentication

[East, Bill]

> -----Original Message-----
> From: freeradius-users-bounces+eastb=pffcu.org at lists.freeradius.org [mailto:freeradius-users-
> bounces+eastb=pffcu.org at lists.freeradius.org] On Behalf Of Alan Buxey
> Sent: Monday, April 18, 2011 3:54 PM
> To: FreeRadius users mailing list
> Subject: Re: The last piece of the puzzle - XP host authentication
> 
> hi,
> 
> your User-Name is going from a sane value 'host/LP-0010.myorg.org'
> to just '/LP-0010.myorg.org'  - are you playing around with hints?
> you dont need to remove the host/ part - in fact, messing with the User-Name will cause EAP to
> break...especially when a windows machine is involved. if you are authing against AD then you
> actually need to keep the entry as host/LP-0010.myorg.org - the ntlm_auth part should deal with
> it... the required '$' ending will be there :-)

Right you are, I forgot to back that out from my experimentation:

:/etc/raddb# diff hints ../raddb.clean/hints
36d35
< DEFAULT Prefix == "host", Strip-User-Name = Yes

You know, looking at other changes I've made I've just realized I need to take a step back. Specifically, I could not get "ntdomain" working, so I had turned on nt_domain_hack. I've turned it back off, so now login/enable authentication is working but port auth is not. I'm going to have to work on that some more. Dammit.

-- 
be

XIV:
	After the year 2015, there will be no airplane crashes.  There will
	be no takeoffs either, because electronics will occupy 100 percent
	of every airplane's weight.



This E-mail, along with any attachments, is considered confidential and may well be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail or call 215-931-0300 / 800-228-8801 and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. Thank you for your cooperation.