With_nt_domain_hack +XPSup +LDAP
Hi All, I'm trying to setup an XP supplicant that authenticates through my NAS to an OpenLDAP server. The problem is that the native authentication provided by MS shows the user as MYDOMAIN\\user or MYPC\\user. As a result, the LDAP searches fail to find this user. The radiusd.conf file shows with_nt_domain_hack as a way to strip this. I tried this and it works for MD5 but not for PEAP. With PEAP, there is a notification that the eap identity doesn't match. Can someone point me to how to correctly configure this? The radiusd.conf states to use the realm module instead of with_nt_domain_hack, but I couldn't figure out how to set it up properly. I apologize if this has been covered before. I searched but couldn't find anything definitive. An example would be greatly appreciated. Thanks, Corey Corey Dow Solution Test Center Engineer ProCurve Networking Hewlett-Packard Company 8000 Foothills Blvd. (MS 5549) Roseville, CA 95747 Tel : 1-916-785-8003
Dow, Corey wrote:
I'm trying to setup an XP supplicant that authenticates through my NAS to an OpenLDAP server. The problem is that the native authentication provided by MS shows the user as MYDOMAIN\\user or MYPC\\user. As a result, the LDAP searches fail to find this user.
The radiusd.conf file shows with_nt_domain_hack as a way to strip this. I tried this and it works for MD5 but not for PEAP. With PEAP, there is a notification that the eap identity doesn't match.
You can also try replacing the %{User-Name} text in the LDAP query with %{mschap:User-Name}. The MS-CHAP module will return the correct user name, *without* affecting anything else. Alan DeKok.
participants (2)
-
Alan DeKok -
Dow, Corey