New User and AD Question
McNutt, Justin M.
McNuttJ at missouri.edu
Wed Mar 2 13:09:20 CET 2011
> These look like MS-CHAP machine-auth usernames; have you
> considered using:
>
> %{mschap:User-Name}
> %{mschap:NT-Domain}
>
> The mschap module has special handling for host/ names, and
> these will
> expand:
>
> host/name.domain.com
>
> to:
>
> name$
> domain.com
>
> The trailing dollar sign on the hostname is intentional; SAM account
> names for machines conventionally end in $ in windows.
I'm aware of all of this. The problem is, it doesn't seem to be actually working. Here's the ntlm_auth command I'm using:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Note use of "%{mschap:User-Name}" and "%{mschap:NT-Domain}". Despite this, "host/computer.domain" login attempts always fail. Hence, trying to do the translation manually via a regex and update clauses.
--J
More information about the Freeradius-Users
mailing list