"Dourty, Brian R. (IATS)" <[EMAIL PROTECTED]> wrote: > 1. Keeping in mind that user1 in domain1 can auth as long as domain1 > isn't supplied why does supplying domain1 cause the auth to fail?
Because the MS client does the MS-CHAP calculations using the username without the domain, but supplies the username to the RADIUS server WITH the domain. See the list archives for more explanations. > 2. What does preprocess do with realm is strips off? I'd like to be able > to pass the realm as a --domain option to ntlm_auth. Read the debug log. It adds it as an attribute. > 3. Why does PEAP think the username is still domain/user? I see the > following in the logs while running "radius -X -A" > > PEAP: Setting User-Name to UMC-USERS\dourtyb Because that's the name in the EAP identity packet. Read the debug log, it says this. > Should it be using Stripped-User-Name instead? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
