Good Afternoon All; Currently my institution allows for registered users to create guest accounts for visitors to enable wireless access for the guest users (Wireless access is controlled via Captive Portal/PAP with a Kerberos Directory backend). Registered users create the guest accounts using the guest users eMail address, such as [email protected] [email protected] etc etc etc. This poses a slight problem though as the "@" sign is a reserved character for Kerberos and thus principles with the "@" cannot be created within our KDC. To solve this problem the account generation application substitutes the "@" for a "+" (so kerberos principles are created in the form jdoe+gmail.com jdoe+hotmail.com). If guest users remember to sub a "+" for their "@" all is well, however often times people forget this and get stuck wondering why their username [email protected] is failing when they have been assured all is well. To completely eradicate this situation we would like to place a Freeradius instance in place of our proprietary radius solution and have it perform the substitution during authentication, so neither the Guest or registered user need concern themselves with the whole "@" "+" thing (so from their standpoint the principle is [email protected] nice and easy... for them ;) I have been trying to determine the best way to accomplish this and would greatly appreciate any ideas as to how this may be completed.
Thank you much. Larry
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
