Hi,
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
If I understand correctly from other posts, if client specify a domain name, it will use that domain name regardless of the ntlm_auth configuration?
no. --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} this means, set domain to be the value of NT-Domain from MSCHAP....and if no such value exists (as provided by the client), then set it to be CFS.UOGUELPH.CA instead. the docs are clear on how this works
As far as the client side, it is configured with cfs.uoguelph.ca domain, I am sure why it would use domain cfs. Are there any other places to check for the domain being used by machine auth?
no. its windows and windows does weird and interesting things regarding domains...it probably knows that its in uoguelph.ca and so is removing that part. anyway, just remove the option. alan