On 13/10/2011 21:16, Kevin Chan wrote:
Hi all,
hopefully i got to the right group of people.
We are trying to use Freeradius to do PEAP/MSCHAPv2
authentication against Active Directory (2003). Our realm is
abc.acme.edu, but since Eduroam doesn't allow subdomain, end user has
to use b...@acme.edu instead b...@abc.acme.edu as username.
Presumably you are in the US? ... It's a shame that US eduroam seems to
forbid subdomains for it's own institutions (lots of organisations doing
eduroam in Europe use subdomain realms).
My question is can you modify the realm behind the user's back?
(during EAP process).
I think this may mess things up... but you shouldn't need to *modify* the
realm? [More info about your specifics please]?
The realm on the outer ID will get the auth to your FR (anyth...@uni.edu).
The realm [if present] on the inner ID is generally stripped before it
goes to ntlm_auth against your AD).
Regards,
James
--
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
