Re: Stripped-User-Name

Wed, 16 Mar 2005 13:01:22 -0800 

radiusd.conf
...
        group {
                redundant {
...

                        fail = 1
                }
                suffix
...
                notfound = return
        }
        files




radiusd -X
...
Exec-Program-Wait: plaintext: Reply-Message = "Remove (@lanl.gov)" from
username ([EMAIL PROTECTED])
Exec-Program: returned: 0
  modcall[authorize]: module "ip_check" returns ok for request 6
    rlm_realm: Looking up realm "lanl.gov" for User-Name =
"[EMAIL PROTECTED]"
    rlm_realm: Found realm "lanl.gov"
    rlm_realm: Adding Stripped-User-Name = "klg"
    rlm_realm: Proxying request from user klg to realm lanl.gov
    rlm_realm: Adding Realm = "lanl.gov"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 6
modcall: entering group redundant for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for klg
radius_xlat: 
'(&(objectClass=posixAccount)(description=remote)(uid=klg))'
radius_xlat:  'dc=lanl,dc=gov'
...


with radiusd.conf
...
                #suffix
...

Exec-Program-Wait: plaintext: Reply-Message = "Remove (@lanl.gov)" from
username ([EMAIL PROTECTED])
Exec-Program: returned: 0
  modcall[authorize]: module "ip_check" returns ok for request 6
modcall: entering group redundant for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat: 
'(&(objectClass=posixAccount)(description=remote)([EMAIL PROTECTED]))'
radius_xlat:  'dc=lanl,dc=gov'
rlm_ldap: ldap_get_conn: Checking Id: 0
...



On Wed, 2005-03-16 at 11:48, Kevin Jeoung wrote:
> > > Can "Stripped-User-Name" be used for ldap authorization and pap
> > > authentication?
> >
> >   If it exists, yes.
> >
> When does it exist?  I used "suffix" in radiusd.conf but 
> "[EMAIL PROTECTED]" became "@myds.com".
> 
> > > filter = "([EMAIL PROTECTED])".
> > >
> > > But, I got "@aliasdomain" only.  It really stripped the full username.
> >
> >   If there's no Stripped-User-Name attribute, no, it didn't strip the
> >full username.
> >
> Again, when does this attribute exist?  I set suffix and dictionary 
> correctly.
> 
> Kevin
> >   Alan DeKok.
> >
> >
> >-
> >List info/subscribe/unsubscribe? See 
> >http://www.freeradius.org/list/users.html
> 
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from McAfee 
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to