Ok Phil. That works fine, thanks.

I had to enable with_ntdomain_hack too.


2006/5/5, Phil Mayers <[EMAIL PROTECTED]>:
wekz wrote:
> Hi all,
>
> I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization.
>
> I've been trying to use hints.file for changing the User-Name. When a
> laptop user who is in a domain tries to do a peap authentication,
> windows sends a User-Name that follows this pattern (at least the ones
> I've seen):
>
>                                              DOMAIN\5c\5cLOGIN
>
> I'm trying to catch up the LOGIN name so the radius can perform a search
> in ldap.
>
> I've modified hints.file, including this line:
>
>                       DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)"
>                                       User-Name := "%{2}"

I assume you didn't mean "5c" but the body of your mail appears to have
been corrupted along the way.

>
>
> The problem is that this rule matches but it changes the User-Name for
> an empty string.

I believe that should be:

DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)"
         User-Name = `%{2}`

HOWEVER - you should almost certainly be using the "realm" module to do
this. The default config has "realm ntdomain {" ...config lines defined.
If you put this in "authorize" like so:

authorize {
   preprocess
   ntdomain
   # other modules
}

...then add this in proxy.conf:

realm MYDOMAIN {
   type = radius
   authhost = LOCAL
   accthost = LOCAL
   strip
}

...you can then use the following in e.g. the ldap config:

  ldap {
    # other config

    # NOTE: the expansion means "Stripped-User-Name OR User-Name"
    filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

    # other config
  }
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
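
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the prefix-realm split and the `%{Stripped-User-Name:-%{User-Name}}` fallback used in the ldap filter above, with RFC 4515 escaping applied to the value. The realm set and sample logins are constructed, and the exact-match realm lookup is an assumption of this sketch.

```python
import re

# Constructed sample: realms assumed to be defined in proxy.conf with "strip".
STRIP_REALMS = {"MYDOMAIN"}


def ntdomain_split(user_name, strip_realms=STRIP_REALMS):
    """Model a prefix realm with a backslash delimiter (DOMAIN\\LOGIN).

    Stripped-User-Name is only set when the prefix names a known realm;
    otherwise the request keeps just the original User-Name.
    """
    attrs = {"User-Name": user_name}
    realm, sep, login = user_name.partition("\\")
    if sep and realm and login and realm in strip_realms:
        attrs["Realm"] = realm
        attrs["Stripped-User-Name"] = login
    return attrs


def escape_filter_value(value):
    """Escape an LDAP assertion value per RFC 4515: \\ * ( ) NUL -> \\XX."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def ldap_filter(attrs):
    """Model "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"."""
    # ":-" fallback: use User-Name when Stripped-User-Name is unset or empty.
    name = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    return "(sAMAccountName=%s)" % escape_filter_value(name)


if __name__ == "__main__":
    # Constructed logins: known realm, no realm, unknown realm, hostile input.
    for login in ("MYDOMAIN\\jdoe", "jdoe", "OTHER\\jdoe",
                  "MYDOMAIN\\jd*e)(uid=*"):
        print("%-24s -> %s" % (login, ldap_filter(ntdomain_split(login))))
```

For a realm that is not configured, the fallback searches on the full `DOMAIN\LOGIN` string, whose backslash appears as `\5c` once escaped, so the lookup finds no account instead of silently matching the bare login.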

