We are now using UsernameMatchesWithoutRealm whereas before we required the
domain not be included.
<Handler ConvertedFromEAPMSCHAPV2=1>
...
<AuthBy NTLM>
UsernameMatchesWithoutRealm
DefaultDomain AD
</AuthBy>
But I believe this will strip remote domains as well - so someone could enter a
remote domain and it would still work (as long as they have an account locally
of course). Would adding a new handler above like the following fix this?
<Handler ConvertedFromEAPMSCHAPV2=1 Realm=/^(?:.+\.)*uic\.edu$/i>
...
<AuthBy NTLM>
UsernameMatchesWithoutRealm
DefaultDomain AD
</AuthBy>
We want to allow both username and [email protected] - but not accept something
like [email protected].
---
Roberto Ullfig - [email protected]
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
