The problem I'm trying to solve relates to Windows users who leave that
"Automatically use my Windows login name and password" property checked. At my
site, we authenticate with PEAPv0/MSCHAPv2 with usernames and mschapv2 password
hashes stored in an ldap database, not in a Windows Domain. I'd like to get
FreeRadius to strip off the computer name and password for these requests based
on regular expression. As things are right now my hints file looks something
like this.
DEFAULT Prefix == "DOMAIN\\", Strip-User-Name = Yes
Hint = "CAMPUS"
DEFAULT Prefix == "DOMAIN.EDU\\", Strip-User-Name = Yes
Hint = "CAMPUS"
DEFAULT Prefix == "@DOMAIN.EDU\\", Strip-User-Name = Yes
Hint = "CAMPUS"
And I have a bunch of these but not every computer name of course. My users
file uses this for the hint.
DEFAULT Hint == "CAMPUS", MS-CHAP-Use-NTLM-Auth := No
Session-Timeout == 10800,
Fall-Through = No
I'd like to set the hint with something like this, but I have not been able to
get anything to work nor do I know if it is even possible to use regular
expressions in the hints file. I have made sure freeradius was compiled with
extended regular expression support.
DEFAULT Prefix =~ "^(.*[\\\\]+)", Strip-User-Name = Yes
Hint = "CAMPUS"
None of these have worked, even with a subset of requests.
DEFAULT Prefix =~ "^DOMAIN\\\\"
User-Name := "%{Stripped-User-Name}",
Hint = "CAMPUS"
DEFAULT Prefix =~ /*\\\\/, Strip-User-Name = Yes
searchfor = "^(.*[\\/]+)"
DEFAULT Prefix =~ "^(.*[\\\\]+)", Strip-User-Name = Yes
Hint = "CAMPUS"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
