Re: Multi-domain AD [Kudos]

Wed, 01 Feb 2012 14:15:13 -0800 

Btw, kudos to Alan DeKok and the rest of the FR developers for these FR 
abilities.  The things listed here were INVALUABLE to figuring all of this out 
without just guessing:

1)  "radiusd -XC"  You just can't live without this.  Seriously.

2)  "radiusd -X"    It's there for a reason.  Specifically,

3)  THIS (from radiusd -X):

++? if (User-Name =~ /host\/[^\.]+\.(.+)/ )
? Evaluating (User-Name =~ /host\/[^\.]+\.(.+)/) -> FALSE
++? if (User-Name =~ /host\/[^\.]+\.(.+)/ ) -> FALSE
++? elsif (User-Name =~ /([^\/]+)\/(.+)/ )
? Evaluating (User-Name =~ /([^\/]+)\/(.+)/) -> FALSE
++? elsif (User-Name =~ /([^\/]+)\/(.+)/ ) -> FALSE

4)  and THIS:

[mschap] Told to do MS-CHAPv2 for tmpid with NT-Password
[mschap] expand: %{My-User-Name} ->
[mschap] expand: %{mschap:User-Name} -> tmpid
[mschap] expand: --username=%{%{My-User-Name}:-%{mschap:User-Name}} -> 
--username=tmpid
[mschap] expand: %{My-NT-Domain} ->
[mschap] expand: %{mschap:NT-Domain} -> testing
[mschap] expand: --domain=%{%{My-NT-Domain}:-%{mschap:NT-Domain}} -> 
--domain=testing

5)  and last, but certainly not least, "man unlang".  It won't read itself, 
yanno!

It may not be the best way to do it, but it works, and I couldn't have done it 
without all of these debugging features.  It's what my Linux sysadmin calls 
"awesome sauce."

--J

From: Z <mcnu...@missouri.edu<mailto:mcnu...@missouri.edu>>
Reply-To: FreeRadius users mailing list 
<freeradius-users@lists.freeradius.org<mailto:freeradius-users@lists.freeradius.org>>
Date: Wed, 1 Feb 2012 21:57:02 +0000
To: FreeRadius users mailing list 
<freeradius-users@lists.freeradius.org<mailto:freeradius-users@lists.freeradius.org>>
Subject: Multi-domain AD and Users Who Aren't So Bright

So I'm working on a way to Improve the User Experience.  I've gotten a LONG 
way, but now I'm stuck.  Here's the short/long version (all details, without 
undue explanation or discussion of what I tried that doesn't work):

WARNING:  This may well be a case of doing it the hard way.  If that's the 
case, feel free to tell me, but it's not for lack of trying to research this 
via Google, searching archives of this list, etc.  Just tell me what I'm doing 
wrong.  I can handle it.  ;)

Okay, here goes:



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to