Remove with_ntdomain_hack in rlm_mschap?
p.mayers at imperial.ac.uk
Wed Oct 26 22:23:41 CEST 2011
Does this config option make any sense? Shouldn't it always be on?
The only thing it controls is the username to feed into the MS-CHAP
challenge generation, and AFAICT from RFC 2759, we should *always*
ignore DOM\ for that. Certainly windows does.
I found this out today - if you have "with_ntdomain_hack = no", ticking
the "Use my windows credentials" box for wired/wireless 802.1x login
doesn't work with a default FR config.
Perhaps we should remove it for 3.x?
More information about the Freeradius-Devel