Not sure that it's the right place but I was able to hack 'hints' file to handle this

Craig

On Sat, 2008-12-06 at 12:07 -0700, Craig White wrote:
> freeradius-1.1.3-1.2.el5
>
> LDAP authentication (OpenLDAP)
>
> I am mostly working now but I do get failures if a user has the Windows
> Domain set to any value at all which of course means that the
> authentication is passed as DOMAIN\user and I want it to strip out the
> DOMAIN\ part and just keep the user so Windows laptops would just
> automatically authenticate current logged in user.
>
> Not sure this is necessary but this is the debug of what is happening...
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for MyOrg\craigwhite
> radius_xlat: '(uid=MyOrg\5c\5ccraigwhite)'
> radius_xlat: 'ou=People,ou=Accounts,o=MyOrg,c=US'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
> rlm_ldap: bind as cn=admin,o=MyOrg,c=US/pass to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=People,ou=Accounts,o=MyOrg, with
> filter (uid=MyOrg\5c\5ccraigwhite)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns notfound for request 0
> modcall: leaving group authorize (returns ok) for request 0
> rad_check_password: Found Auth-Type MS-CHAP
> auth: type "MS-CHAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 0
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: NT Domain delimeter found, should we have enabled
> with_ntdomain_hack?
> rlm_mschap: Told to do MS-CHAPv2 for MyOrg\craigwhite with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject for request 0
> modcall: leaving group MS-CHAP (returns reject) for request 0
> auth: Failed to validate the user.
> Login incorrect (rlm_ldap: User not found): [MyOrg\\craigwhite/<no
> User-Password attribute>] (from client RRAS port 11 cli 68.231.14.75)
> Delaying request 0 for 1 seconds
> Finished request 0
>
> I have tried it with ntdomain_hack enabled but the outcome is the same.
>
> If I don't include the Domain, I get authenticated no problem...so I
> figure all I need/want is to strip the user name out.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

