Machine auth fails but user auth works

Matthew Newton mcn4 at leicester.ac.uk
Tue Dec 8 22:54:13 CET 2015


On Tue, Dec 08, 2015 at 04:42:21PM -0500, Dennis Xu wrote:
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{%{mschap:User-Name}:-00}
> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA}

That's not hardcoded.

Hardcoded means setting

  --domain=CFS.UOGUELPH.CA

i.e. no expansion so nothing else can change the setting.

> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}" 
> 
> If I understand correctly from other posts, if a client specifies a
> domain name, it will use that domain name regardless of the
> ntlm_auth configuration?

%{mschap:...} is magic as far as I am concerned. :)

If you want clients to change the domain name, sure set that up.
But as I wrote before, if you know that all clients are talking to
the same domain, why allow them to fiddle with the settings?

(My view here may not be consistent with others on this, but it's
what I do.)

Matthew



-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
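
The difference discussed in the message above, between a default inside a %{...} expansion and a hardcoded value, can be checked mechanically. This is an added example, not part of the original message or of FreeRADIUS; the names audit and is_hardcoded are hypothetical, and the sample is the ntlm_auth line as quoted in the thread.

```python
import re

# Sample input: the ntlm_auth line as quoted in the message (joined onto one line).
QUOTED = ('/usr/bin/ntlm_auth --request-nt-key '
          '--username=%{%{mschap:User-Name}:-00} '
          '--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} '
          '--domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} '
          '--challenge=%{%{mschap:Challenge}:-00} '
          '--nt-response=%{%{mschap:NT-Response}:-00}')

# Constructed variant: the same line with the domain set as a plain literal.
HARDCODED = QUOTED.replace('%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA}',
                           'CFS.UOGUELPH.CA')

OPTION = re.compile(r'(?<!\S)--([a-z-]+)(?:=(\S+))?')  # --name or --name=value
REF = re.compile(r'%\{([A-Za-z][A-Za-z0-9:_-]*)\}')    # innermost %{Name}


def audit(command):
    """Map each option to a list of (value, referenced request inputs)."""
    report = {}
    for name, value in OPTION.findall(command):
        report.setdefault(name, []).append((value, REF.findall(value)))
    return report


def is_hardcoded(command, option):
    """True only if the option is present and no occurrence contains %{...}."""
    entries = audit(command).get(option, [])
    return bool(entries) and all('%{' not in value for value, _ in entries)


if __name__ == '__main__':
    for label, cmd in (('quoted', QUOTED), ('hardcoded', HARDCODED)):
        print(label, 'domain hardcoded:', is_hardcoded(cmd, 'domain'))
        for name, entries in audit(cmd).items():
            for value, refs in entries:
                if refs:
                    # The request can supply these; the text after ":-" is
                    # only a fallback used when they expand to nothing.
                    print('  --%s is taken from %s' % (name, ', '.join(refs)))
```
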

