Hi, when using RADIUS, the NT domains should not be stripped from the username. When a base object is instantiated based on an auth object, the "strip_nt_domain" variable is always enforced to zero in case of using RADIUS. The auth object itself though has it set to one by default.
Now on configuration reload in npppd_auth_reload(), the value is copied from the corresponding auth object to the base object. base->strip_nt_domain = auth->strip_nt_domain; Unfortunately in the case of RADIUS, this means that the RADIUS base object gets overridden. So in that case reset it to zero like it's done in npppd_auth_create(). ok? Patrick diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c index 101f8cc9a7f..4db88f05e25 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.c +++ b/usr.sbin/npppd/npppd/npppd_auth.c @@ -212,6 +212,7 @@ npppd_auth_reload(npppd_auth_base *base) switch (base->type) { #ifdef USE_NPPPD_RADIUS case NPPPD_AUTH_TYPE_RADIUS: + base->strip_nt_domain = 0; if (npppd_auth_radius_reload(base, auth) != 0) goto fail; break;