Remove with_ntdomain_hack in rlm_mschap?

Alan DeKok aland at
Thu Oct 27 08:02:57 CEST 2011

Phil Mayers wrote:
> Does this config option make any sense? Shouldn't it always be on?

  I really have no idea....

> The only thing it controls is the username to feed into the MS-CHAP
> challenge generation, and AFAICT from RFC 2759, we should *always*
> ignore DOM\ for that. Certainly windows does.

  If Windows does it...

> I found this out today - if you have "with_ntdomain_hack = no", ticking
> the "Use my windows credentials" box for wired/wireless 802.1x login
> doesn't work with a default FR config.
> Perhaps we should remove it for 3.x?

  I'm OK with that.

  Alan DeKok.

More information about the Freeradius-Devel mailing list