I'm using Free Radius 1.1.2. I wanted to share what I did to get Windows machine authentication (via ntlm_auth) to work properly in my network.
After configuring FreeRadius for ntlm_auth against my windows network, I found that not all machines got authenticated. Machines with names longer than 15 characters did not get authenticated. I found out that this is because Windows supplicant send the machine name as "host/quitelongmachinename.company.domain", and the mschap module of FreeRadius strip "quitelongmachinename" and use that when running ntlm_auth (it actually uses "quitelongmachinename$". But, ntlm_auth needs "quitelongmachin$" to work (i.e. only the first 15 chars). So, I went to "src/modules/rlm_mschap/rlm_mschap.c" and changed this line: snprintf(out, outlen, "%s$", user_name->strvalue + 5); with these lines: char largo[20]=""; snprintf(largo, 16, "%s", user_name->strvalue + 5); strcat(largo, "$"); strNcpy(out,largo,17); And recompiled. That got FreeRadius to send to ntlm_auth only the first 15 chars of the machinename when doing machine authentication. I'm not a programmer so probably what's above is not the nicer way to get the idea done, but hey, it worked pretty well. Now machine authentication works no matter how long the machine name is. Thought I would share it... FreeRadius version: 1.1.2 Authentication method: PEAP-MSCHAP Client: Windows XP supplicant Authenticating against: A windows AD domain via ntlm_auth Samba version: 3.0.22 G. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
