Accept both machine auth and user with domain auth

Trevor Jennings tjennings at
Sun Jun 26 23:11:55 CEST 2016


 I am trying to configure freeradius to accept either machine auth (using
host/<user>.<domain>) or user authentication (user at domain when they come
from Eduroam).

Previously I had in the mschap module for the ntlm_auth:-


Which works fine for users without domains and machine authentication.

For Eduroam, because they have the domain included, I decided to replace
mschap:User-Name with %{Stripped-User-Name} which works except it broke
machine authentication.

While researching this issue, I came across a configuration for ntlm_auth
using the following:-


Which I assume means if Stripped-User-Name is null, then use

I do not understand what I would need to do to achieve this. Would I need
to set 'nostrip' under the realm for the domain of that user


 - Trevor

More information about the Freeradius-Users mailing list