Ok Phil. That works fine, thanks. I had to enable with_ntdomain_hack too.
2006/5/5, Phil Mayers <[EMAIL PROTECTED]>:
wekz wrote: > Hi all, > > I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization. > > I've been trying to use hints.file for changing the User-Name. When a > laptop user which is in a domain tries to do a peap authentication, > windows sends a User-Name that follows this pattern (at least the ones > I've seen): > > DOMAIN\5c\5cLOGIN > > I'm trying to catch up the LOGIN name so the radius can perform a search > in ldap. > > I've modify hints.file including this line: > > DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)" > User-Name := "%{2}" I assume you didn't mean "5c" but the body of your mail appears to have been corrupted along the way. > > > The problem is that this rule matches but it changes the User-Name for > an empty string. I believe that should be: DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)" User-Name = `%{2}` HOWEVER - you should almost certainly be using the "realm" module to do this. The default config has "realm ntdomain {" ...config lines defined. If you put this in "authorize" like so: authorize { preprocess ntdomain # other modules } ...then add this in proxy.conf: realm MYDOMAIN { type = radius authhost = LOCAL accthost = LOCAL strip } ...you can then use the following in e.g. the ldap config: ldap { # other config # NOTE: the expansion means "Stripped-User-Name OR User-Name" filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})" # other config } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html