> > well, you can use regexp/attr_filter to look for these systems > and then just chop off the activedirectorydomain.domain.domain. part > thus allowing the AD REALM to be forced by yourselves. > > I tried something similar i used attr_rewrite to replace the bad parts of User-Name with the modified correct values, it, however because i am using eap-ttls, i got an eap error "rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler"
can you point me to a doc where the attr_filter is explained better? from reading the comments/documentation i got the impression it was primarily used for proxying, and wouldn't work for other things... Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html