Enable with_ntdomain_hack by default in mschap

diff --git a/raddb/mods-available/mschap b/raddb/mods-available/mschap
index 7d7deb8cd34f339f217f15dff8981d2df0245aec..e496ccc6b2ad7477c8d4270b542d56efcf770442 100644 (file)
--- a/raddb/mods-available/mschap
+++ b/raddb/mods-available/mschap
@@ -28,13 +28,6 @@ mschap {
        #
 #      require_strong = yes
 
-       # Windows sends us a username in the form of
-       # DOMAIN\user, but sends the challenge response
-       # based on only the user portion.  This hack
-       # corrects for that incorrect behavior.
-       #
-#      with_ntdomain_hack = no
-
        # The module can perform authentication itself, OR
        # use a Windows Domain Controller.  This configuration
        # directive tells the module to call the ntlm_auth

diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index 7a403fd892048bf99b96027f65109f2211b95051..9770996639436527adea9ce88bb8d70a8150fa74 100644 (file)
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -545,7 +545,7 @@ static const CONF_PARSER module_config[] = {
        { "require_strong",    PW_TYPE_BOOLEAN,
          offsetof(rlm_mschap_t,require_strong), NULL, "no" },
        { "with_ntdomain_hack",     PW_TYPE_BOOLEAN,
-         offsetof(rlm_mschap_t,with_ntdomain_hack), NULL, "no" },
+         offsetof(rlm_mschap_t,with_ntdomain_hack), NULL, "yes" },
        { "passwd",   PW_TYPE_STRING_PTR,
          offsetof(rlm_mschap_t, passwd_file), NULL,  NULL },
        { "ntlm_auth",   PW_TYPE_STRING_PTR,