Hi, 2009/6/2 <A.L.M.Buxey@lboro.ac.uk>
ah! multiple remote domains - not in a forest of trust?
All in the same Forest & Tree, yes - but it still appears to be unhappy as it can't work out which the domain the $PCNAME$ machine lives in.
I can't really see anyway to resolve this, other than moddifing the ntlm_auth line based on some unlang logic to cut out the uk, us, and au bit from the "X.mycompany.local" supplied domain name in the "host/" username. Is this even possible though??
that could work....hmm something along the lines of
if (%{User-Name} =~ /.domain.wanted/({ ntlm_auth blah blah --domain DOMAINWANTED }
etc etc so ntlm_auth gets fired off with the right stuff...no playing with User-Name
Sounds good - I'll give this logic a go... Where best to place this bit of Unlang? In the inner-tunnel Authorization stanza, before ms-chap? Would I need to repeat in the Authentication MS-CHAP bit too, or does it get set at the beginning of the "request session" and follow all the way though. Suppose I could just get on and try it out! Many thanks for your help. Rupert