Hi,
2009/6/2 <[email protected]> > > ah! multiple remote domains - not in a forest of trust? > All in the same Forest & Tree, yes - but it still appears to be unhappy as it can't work out which the domain the $PCNAME$ machine lives in. > > > I can't really see anyway to resolve this, other than moddifing the > > ntlm_auth line based on some unlang logic to cut out the uk, us, and au > bit > > from the "X.mycompany.local" supplied domain name in the "host/" > username. > > Is this even possible though?? > > that could work....hmm something along the lines of > > if (%{User-Name} =~ /.domain.wanted/({ > ntlm_auth blah blah --domain DOMAINWANTED > } > > etc etc so ntlm_auth gets fired off with the right stuff...no playing > with User-Name Sounds good - I'll give this logic a go... Where best to place this bit of Unlang? In the inner-tunnel Authorization stanza, before ms-chap? Would I need to repeat in the Authentication MS-CHAP bit too, or does it get set at the beginning of the "request session" and follow all the way though. Suppose I could just get on and try it out! Many thanks for your help. Rupert
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
