NTLM Auth Help
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue Jun 2 20:09:04 CEST 2009
Hi,
> We pass hostname$ to ntlm_auth by rewriting the User-Name attribute as
> follows:
>
>
>
> attr_rewrite machine_UserName {
>
> attribute = User-Name
>
> searchin = packet
>
> searchfor = "^host/(.*).domain.name"
>
> replacewith = "%{1}$"
>
> ignore_case = yes
>
> new_attribute = no
>
> max_matches = 1
>
> append = no
>
> }
>
>
>
> To change from host/hostname.domain.name to hostname$. Then, include
> machine_UserName in the authorize and authenticate sections before
> mschap.
why? with recent versions of FreeRADIUS this just works(tm) with no rewriting needed
- just ensure that the ntlm_auth line has the correct arguments and
you have the ntdomain stuff turned on .
we used to have all kinds of hacky stuff in our config...almost all
of it is now wiped away with a small spattering of unlang here
and there for utility
alan
More information about the Freeradius-Users
mailing list