freeradius 2 character delimiter in realm problem

Thu Apr 12 17:32:23 CEST 2007

Hello, I am researching my current problem with freeradius not authenticating.

The user is rejected because the name is not found, our AD (w2k3)
sends usernames to freeradius in this format "domainname\\username".

I have tried enabling the nt hack under the ldap section with no luck.

reading through the comments in /etc/raddb/radiusd.conf under the ldap
module section I found this though.

       #  Four config options:
       #       format         -  must be 'prefix' or 'suffix'
       #       delimiter      -  must be a single character
       #       ignore_default -  set to 'yes' or 'no'
       #       ignore_null    -  set to 'yes' or 'no'

and the setting for realmntdomain

       #
       #  'domain\user'
       #
       realm ntdomain {
               format = prefix
               delimiter = "\\"
               ignore_default = no
               ignore_null = no
       }

so this leads me to two questions.

1 Is \\ actually \ escaped ?
2 can you have 2 character delimiters (despite what the config comments claim)

Cheers for any info.