My problems are similar to a discussion at http://lists.cistron.nl/archives/freeradius-users/2004/05/frm00026.html but I didn't catch the resolve from it. I'm running FreeRADIUS 1.0.0 using PEAP and ntlm_auth.
Windows XP supplicant, when set to authenticate off the system, sends the username as DOMAIN\user In my testing, I had the preprocess with_ntdomain_hack = yes and that stripped it just to user. The problem is, later EAP checks the identity against the username and denies the packet because they're different. If I disable with_nt_domain_hack in preprocess, it passes the username on to ntlm_auth as DOMAIN\user, which fails. I would like the mschap module to strip the domain right before it sends it to ntlm_auth. That sounds like eap's with_ntdomain_hack should do, but that doesn't appear to be working. Am I missing something? Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
