mschap machine authentication

Alan DeKok aland at
Thu Jul 20 17:15:15 CEST 2006

"Guillermo Vargas-DellaCasa" <gvargas-dellacasa at> wrote:
> I found out that this is because Windows supplicant send the machine
> name as "host/", and the mschap
> module of FreeRadius strip "quitelongmachinename" and use that when
> running ntlm_auth (it actually uses "quitelongmachinename$". But,
> ntlm_auth needs "quitelongmachin$" to work (i.e. only the first 15
> chars).

  Good point... that change should be made in the mschap module.

> I'm not a programmer so probably what's above is not the nicer way to
> get the idea done, but hey, it worked pretty well. Now machine
> authentication works no matter how long the machine name is. Thought I
> would share it...

  Thanks.  We'll put a patch into a future release.

  Alan DeKok.

More information about the Freeradius-Users mailing list