NTLM Auth Help

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Jun 2 21:57:10 CEST 2009


> If I follow the logic as supplied by Neil, and remove the "--domain" option
> then this works fine for all users in all domains, and machines in same
> domain that winbind was joined to, but not machines from remote domains. If

ah! multiple remote domains - not in a forest of trust? 

> I can't really see anyway to resolve this, other than moddifing the
> ntlm_auth line based on some unlang logic to cut out the uk, us, and au bit
> from the "X.mycompany.local" supplied domain name in the "host/" username.
> Is this even possible though??

that could work....hmm something along the lines of

if (%{User-Name} =~ /.domain.wanted/({
   ntlm_auth blah blah --domain DOMAINWANTED

etc etc so ntlm_auth gets fired off with the right stuff...no playing
with User-Name 


More information about the Freeradius-Users mailing list