New User and AD Question

McNutt, Justin M. McNuttJ at
Wed Mar 2 13:09:20 CET 2011

> These look like MS-CHAP machine-auth usernames; have you 
> considered using:
> %{mschap:User-Name}
> %{mschap:NT-Domain}
> The mschap module has special handling for host/ names, and 
> these will 
> expand:
> host/
> to:
> name$
> The trailing dollar sign on the hostname is intentional; SAM account 
> names for machines conventionally end in $ in windows.

I'm aware of all of this.  The problem is, it doesn't seem to be actually working.  Here's the ntlm_auth command I'm using:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Note use of "%{mschap:User-Name}" and "%{mschap:NT-Domain}".  Despite this, "host/computer.domain" login attempts always fail.  Hence, trying to do the translation manually via a regex and update clauses.


More information about the Freeradius-Users mailing list