force/require @domain/part

lejeczek peljasz at
Tue Jun 21 15:43:13 CEST 2016

hi users,

I'm hoping this is possible, having pretty vanilla mschap & 
pap(ntlm) to tweak radius so it - for eap & pap (basically 
AD) - would fail if there is no @domain part in the request.

Like when AD domain is / PRIVATE and radius 
will absolutely need this. At the moment having configs 
constructed of bits from wikis/howtos, both: 
"me at" and "me" get authenticated.

how to tweak?

many thanks,


More information about the Freeradius-Users mailing list