Suffix authentication

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Tue Aug 10 18:16:55 CEST 2010


I hope someone can help me.

I have written in about this problem before so please forgive me, but it
is still plaguing me : )

Quickly, my problem is users cannot log in using username@domain but can
log in fine with domain\username.

One person mentioned the realms module, but when I look at it the
default conf looks fine.  The delimiter is correctly set to '@'.  I
tried adding my domains to the realm module by copying the default
suffix config  and using my domain info but that causes FR to fail its
sanity check.

I am using MSCHAPv2 with PEAP authentication and when the user fails the
logon with username@domain the ntlm_auth program reports a bad password
even though the same user will have no problem with domain\username.

Also, the FR wiki says the realms file is deprecated ... so what am I
supposed to do?

What would be really great would be a script I could use to determine
the domain of the user BEFORE they reach ntlm_auth so I can prepopulate
the command with the correct domain and just forget this suffix stuff : )
I think the best place for this would be in the mschap module but
what is the language?  Would it be unlang or regular bash scripting?

Thanks for any assistance!

Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221






