# with_ntdomain_hack

King, Michael MKing at bridgew.edu
Wed May 10 22:11:45 CEST 2006

```Try this ntlm_auth string (Watch for page breaks in email)

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
e} --nt-response=%{mschap:NT-Response}

> -----Original Message-----
> From:
> g
> adius.org] On Behalf Of Chris Liles
> Sent: Wednesday, May 10, 2006 3:51 PM
> To: FreeRadius users mailing list
> Subject: RE: with_ntdomain_hack
>
> You are right, it was that I was lowercasing the username
> before authentication...
> After I turned that off, I am getting further, it still
> doesn't work and I believe it is because of a problem with
> "Stripped-User-Name" and ntlm_auth
>
> ntlm_auth is getting called with the entire username
> "DOMAIN\user" and not "user" I don't understand why, as in
> the config file it says:
>
> I didn't edit that part of the ntlm_auth line, just corrected
> the path..
> I know this is a problem because when I use ntlm_auth from
> the command line I can't use --username=DOMAIN\user I have to
>
> I hacked up the line to just say %{Stripped-User-Name} but
> that value must be null or something, because then ntlm_auth
>
> Any thoughts as to why I can't get the DOMAIN\ stripped when
> calling ntlm_auth
>
> Thanks!
>
> --
> Chris Liles
> System Analyst
> Air2Web, Inc.
> 1230 Peachtree St. N.E.
> 12th Floor
> Atlanta, GA 30309
>
>
> -----Original Message-----
> From:
> ius.org
> .freeradius.org] On Behalf Of King, Michael
> Sent: Wednesday, May 10, 2006 3:39 PM
> To: FreeRadius users mailing list
> Subject: RE: with_ntdomain_hack
>
>
>
> > -----Original Message-----
> > I can't seem to figure out how to get with_ntdomain_hack set
> > correctly.
> >
> > I am trying to get peap going against active directory with winbind.
> >
> > It works if I enter in the username and password from the windows
> > supplicant prompt, but when I set the supplicant to send the
> > information automatically it is appending the domain\ onto the
> > username, and I can't get it to work?
> >
>
>
> I don't think it's the ntdomain hack that is the problem (It
> should be on, and I'm only aware of it being located in the
> radiusd.conf file, just above the ntlm_auth line
>
> I'd double check that your Samba config is correct.
>
> -
> List info/subscribe/unsubscribe? See