Changing domain for ntlm_auth

NdK ndk.clanbo at
Wed Jan 25 11:37:48 CET 2012

Hi all.

To let (most (*)) users login with their e-mail address, I'd need to
"translate" the realm part to a domain.

So I added to proxy.conf :
realm STUDENTI {
realm "~^studio\\.unibo\\.it" {
    Realm := "STUDENTI"
realm "~^studio\\.unibo\\.it" {
    Realm := "PERSONALE"
realm "~^unibo\\.it" {
    Realm := "PERSONALE"
What I thought it would do was "if user name is like ''
then set REALM to be local 'STUDENTI'" but obviously I was wrong...
Request is EAP-PEAP-MSChapv2 and the authentication oracle is an AD node
(hence the use of ntlm_auth).

If I authenticate using user at PERSONALE it works perfectly. What am I

(*) Just 'most' users since I couldn't yet find a way to use the UPN, so
users whose UPN have been changed must login with their 'base' name.
Don't think there's an easy fix for this, since even joined win machines
*sometimes* refuse the changed UPN...


More information about the Freeradius-Users mailing list