Dow, Corey wrote:
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None} --domain=%{NT-Domain:-idmcorp.net}
> --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Where is the NT-Domain supposed to come from?

> The bottom line when I look at radiusd -X is that the challenge fails because
> only idmcorp.net is applied:
...
> WARNING: Attempt to use unknown xlat function, or non-existent attribute in
> string %{NT-Domain}

So... there's no NT-Domain, and the idmcorp.net domain is used. This
is what you configured.

> Sorry so wordy. Can anyone think of a way to get this working for both the
> parent/child domains ?

Step 1: get it working from the command line with the --domain
argument. The tests you showed did *not* use the --domain argument...
yet you configured this in the mschap module.

Step 2: Get the --domain=<foo> argument to expand properly for each
domain. This involves configuring policy checks...

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
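
An added example, not part of the thread and not FreeRADIUS code: a Python model of the per-domain selection that Step 2 asks for, where `--domain` is derived from the login name and `idmcorp.net` is used only when the user supplied no domain. The child domain `child.idmcorp.net`, the short aliases, the sample hex values and all function names are assumptions made for illustration.

```python
import re

DEFAULT_DOMAIN = "idmcorp.net"  # the fallback configured on the page
# Constructed allowlist: what the user typed -> value passed to --domain.
# "child" / "child.idmcorp.net" are hypothetical; the page names only the parent.
KNOWN_DOMAINS = {
    "idmcorp": "idmcorp.net",
    "idmcorp.net": "idmcorp.net",
    "child": "child.idmcorp.net",
    "child.idmcorp.net": "child.idmcorp.net",
}
_SAFE_USER = re.compile(r"[A-Za-z0-9._-]{1,64}")
_HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def split_login(login):
    """Return (user, domain or None) for DOMAIN\\user, user@domain or bare user."""
    if "\\" in login:
        domain, user = login.split("\\", 1)
    elif "@" in login:
        user, domain = login.rsplit("@", 1)
    else:
        user, domain = login, None
    return user, (domain or None)


def resolve_domain(domain):
    """Default only when no domain was given; unknown domains are rejected."""
    if domain is None:
        return DEFAULT_DOMAIN
    if domain.lower() not in KNOWN_DOMAINS:
        raise ValueError(f"unknown domain: {domain!r}")
    return KNOWN_DOMAINS[domain.lower()]


def ntlm_auth_argv(login, challenge_hex, nt_response_hex):
    """Build an argument list (no shell) using the flags quoted in the thread."""
    user, domain = split_login(login)
    if not _SAFE_USER.fullmatch(user):
        raise ValueError(f"rejected user name: {user!r}")
    for value in (challenge_hex, nt_response_hex):
        if not _HEX.fullmatch(value):
            raise ValueError("challenge and response must be hex")
    return [
        "/usr/bin/ntlm_auth", "--request-nt-key",
        f"--username={user}",
        f"--domain={resolve_domain(domain)}",
        f"--challenge={challenge_hex}",
        f"--nt-response={nt_response_hex}",
    ]
```

Printing the returned list for one test login per domain gives the exact command line to try by hand in Step 1 before changing the mschap module.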