UserPrincipalName with ntlm_auth, trying to get it "right"

Mathieu Simon (Lists) matsimon.lists at
Wed Jan 27 16:09:14 CET 2016


As a quick follow-up on that topic referrring to Matthew Newton

Am 15.01.2016 um 12:43 schrieb Matthew Newton:

> But if you try it with UPN and it works reliably then it would be
> interesting to know.

To which I answered back then:
> I feel like I've just changed from being the one testing to being the
> guinea pig myself ... ;-)

The guinea pig (me) thinks that after I got hands on a couple of
different devices to test against that there is time for an update on
the results:

I've now tested with several different Windows-ish
Notebooks/Tablets/Phones, MacBooks, iOS and Android versions and devices
I could get my hands on. I've used different UPN names on them always
with PEAP-MSCHAPv2 as outlined previously in this thread and none has
yet failed. *touches wood*

Actually the way Windows domain member devices send authentication
requests under some configurations when enabling their "Single Sing On"
option is giving me more issues now than the UPN based authentication on
personal/BYOD devices.

-- Mathieu

More information about the Freeradius-Users mailing list