With_nt_domain_hack +XPSup +LDAP

Alan DeKok aland at deployingradius.com
Wed Dec 19 10:12:52 CET 2007

Dow, Corey wrote:
> I'm trying to setup an XP supplicant that authenticates through my NAS to an OpenLDAP server. The problem is that the native authentication provided by MS shows the user as MYDOMAIN\\user or MYPC\\user.  As a result, the LDAP searches fail to find this user.
> The radiusd.conf file shows with_nt_domain_hack as a way to strip this.  I tried this and it works for MD5 but not for PEAP.  With PEAP, there is a notification that the eap identity doesn't match.

  You can also try replacing the %{User-Name} text in the LDAP query
with %{mschap:User-Name}.  The MS-CHAP module will return the correct
user name, *without* affecting anything else.

  Alan DeKok.

More information about the Freeradius-Users mailing list