Hi,
I have configured everything and gotten free radius to authenticate off /etc/samba/smbpasswd via the etc_smbpasswd module. The problem I have run into is when I switch the securew2 windows xp eap-ttls client to use the current logged on user credentials. Then, SecureW2 sends the username in the format of DOMAIN/user (which in this case is HTN/josh). Authentication then fails because of this extra domain part in the user. Ok fine, I first enable the nt_domain_hack in the mschap module then I configured realm ntdomain and simply set a default realm in proxy.conf to strip off the domain part. Nope, that fails (output will be included below). I also tried nostrip but that also fails obviously. Also tried silently stripping the domain in pre-process in radiusd.conf. Auth is successful but finally rejected because the user doesnt match the original HTN/josh user sent.
you need to look at using the Sripped-User-Name rather than just the User-Name (because that contains the REALM/ stuff). alternatively, you can specify in proxy.conf to proxy anything with REALM/ to your RADIUS server with realm stripping on - this should send the request back to your server with just User-Name plain.. but its not clean. As Alan DeKok states, this sort of thing is very nice in 2.x FreeRADIUS, it just works(tm) alan