Feeding an LDAP replyItem to an MS-CHAPv2 ntlm_auth request
Alan DeKok
aland at deployingradius.com
Wed Jan 17 13:47:39 CET 2007
Haas Florian wrote:
> The tricky part is that XP's
> supplicant, which supplies the username as "DOMAIN\\Username" while a user is
> logged on, supplies a username in the form of "host/computername.my.domain"
> otherwise -- this corresponds to the servicePrincipalName attribute on the
> machine's object in MSAD. This is of course a format that ntlm_auth can't deal
> with.
Why not? There's a reason that the ntlm_auth configuration is
editable in the mschap module. Just edit it to do whatever you want.
If all else fails, replace ntlm_auth with a Perl script that looks at
the environment variables, and determines the proper arguments to use.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
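
The wrapper suggested in the reply above could look like the following. This is an added example, not code from Alan DeKok or the FreeRADIUS project, and it is written in Python rather than Perl. Assumptions: the server exports the request's User-Name as the `USER_NAME` environment variable, the mschap module passes the `--challenge=` and `--nt-response=` options as arguments, the machine account is the host name with `$` appended, and `NTLM_AUTH` and `DEFAULT_DOMAIN` are placeholder values.

```python
#!/usr/bin/env python3
"""Normalise the supplicant's username, then hand off to ntlm_auth."""
import os
import re
import sys

NTLM_AUTH = "/usr/bin/ntlm_auth"  # assumed install path
DEFAULT_DOMAIN = "MYDOMAIN"       # placeholder NetBIOS domain name
# Conservative allow-list; widen it only if real account names need more.
SAFE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

def normalize(user_name, default_domain=DEFAULT_DOMAIN):
    """Return (account, domain) for ntlm_auth, or raise ValueError."""
    if user_name.lower().startswith("host/"):
        # Machine form: host/computername.my.domain -> computername$
        host = user_name[5:].split(".", 1)[0]
        account, domain, check = host + "$", default_domain, host
    elif "\\" in user_name:
        # User form: DOMAIN\Username (one or more backslashes)
        domain, account = re.split(r"\\+", user_name, maxsplit=1)
        check = account
    else:
        account, domain, check = user_name, default_domain, user_name
    if not (SAFE.match(check) and SAFE.match(domain)):
        raise ValueError("unexpected characters in username")
    return account, domain

def build_argv(user_name, passthrough):
    """Build the ntlm_auth argument vector; no shell is involved."""
    account, domain = normalize(user_name)
    return [NTLM_AUTH, "--request-nt-key",
            "--username=" + account, "--domain=" + domain] + list(passthrough)

if __name__ == "__main__":
    # Assumed variable name; strip quotes the server may wrap the value in.
    raw = os.environ.get("USER_NAME", "").strip('"')
    try:
        argv = build_argv(raw, sys.argv[1:])
    except ValueError as exc:
        sys.stderr.write("reject: %s\n" % exc)
        sys.exit(1)
    os.execv(NTLM_AUTH, argv)  # replace this process with ntlm_auth
```

Because the username comes from the supplicant, the wrapper validates it and passes it as a single argument through `execv` instead of building a shell command line.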