Strip off the domain part from the User-Name
p.mayers at imperial.ac.uk
Thu Mar 24 09:35:23 CET 2011
On 03/23/2011 08:30 PM, Michael Lecuyer wrote:
> The MSCHAPs include the given name when calculating the hashes.
> Stripping the domain will therefore not work. The client is using the
> domain\name in the hash and you're asking the server to use just the name.
Actually that's not true; the mschap "response" field is calculated with
the bare username, excluding the domain. You *should* strip the domain
when you pass it into ntlm_auth; but not by modifying the original
username, as that makes EAP complain.
More information about the Freeradius-Users