wekz wrote:
Hi all,

I use freeradius 1.1.1 + ldap, and peap or eap-tls for authorization.

I've been trying to use hints.file for changing the User-Name. When a laptop user who is in a domain tries to do a peap authentication, Windows sends a User-Name that follows this pattern (at least the ones I've seen): DOMAIN\5c\5cLOGIN

I'm trying to catch up the LOGIN name so the radius can perform a search in ldap.

I've modified hints.file, including this line:

                      DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)"
                                      User-Name := "%{2}"

I assume you didn't mean "5c" but the body of your mail appears to have been corrupted along the way.



The problem is that this rule matches but it changes the User-Name to an empty string.

I believe that should be:

DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)"
        User-Name = `%{2}`

HOWEVER - you should almost certainly be using the "realm" module to do this. The default config has "realm ntdomain {" ...config lines defined. If you put this in "authorize" like so:

authorize {
  preprocess
  ntdomain
  # other modules
}

...then add this in proxy.conf:

realm MYDOMAIN {
  type = radius
  authhost = LOCAL
  accthost = LOCAL
  strip
}

...you can then use the following in e.g. the ldap config:

 ldap {
   # other config

   # NOTE: the expansion means "Stripped-User-Name OR User-Name"
   filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

   # other config
 }
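
A simplified model of the flow described in the reply above, added here as an example and not part of the original post or of FreeRADIUS itself: a prefix realm split on the backslash, the `%{Stripped-User-Name:-%{User-Name}}` fallback, and RFC 4515 escaping of the value placed in the LDAP filter. The function names, the exact-match realm lookup and the sample user names are assumptions made for illustration.

```python
# Added illustration; a model of the behaviour, not FreeRADIUS code.
# Assumption: realms are matched exactly and every listed realm has "strip".

def split_ntdomain(user_name, realms):
    """Model of a prefix realm with a backslash delimiter.

    Returns (realm, login) when DOMAIN\\LOGIN names a configured realm,
    otherwise (None, None) and the request is left untouched.
    """
    realm, sep, login = user_name.partition("\\")
    if not sep or not realm or not login or realm not in realms:
        return None, None
    return realm, login


def ldap_escape(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def build_filter(request):
    """Model of %{Stripped-User-Name:-%{User-Name}} inside the ldap filter."""
    name = request.get("Stripped-User-Name") or request["User-Name"]
    return "(sAMAccountName=%s)" % ldap_escape(name)


def authorize(request, realms):
    """Run the realm split, then build the LDAP search filter."""
    realm, login = split_ntdomain(request["User-Name"], realms)
    if realm is not None:
        request["Realm"] = realm
        request["Stripped-User-Name"] = login
    return build_filter(request)


if __name__ == "__main__":
    realms = {"MYDOMAIN"}  # matches the proxy.conf entry in the reply
    # Constructed sample User-Name values.
    for name in ("MYDOMAIN\\alice", "alice", "OTHER\\bob", "MYDOMAIN\\a*"):
        print("%-18s -> %s" % (name, authorize({"User-Name": name}, realms)))
```

A name whose realm is not configured falls through unstripped, and its backslash appears in the filter as `\5c`, the RFC 4515 encoding of that character.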