On 01/09/2013 12:43 AM, Matthew Ceroni wrote:
Hi:

I am running FreeRadius version 2.1.12 on a CentOS 6 machine.

For authentication I am using AD (ntlm_auth) and this works great. In
the request the username is sent as just the plain username (ie:
mceroni) and the NT-domain (ie: DOMAIN1). And it authenticates fine.

My problem is on the authorization side in which I am using LDAP to grab
the groups a user is in. In order to authenticate against ldap my bind
DN has to be DOMAIN\username (ie: DOMAIN1\mceroni). I am wondering how I
modify the User-Name or Stripped user name just for the LDAP

Don't modify the "User-Name" attribute; that can break certain auth types.

It's not really clear what you want to do, but you can either edit the LDAP filters to hard-code the DOMAIN\ prefix, or define and use a local attribute "Full-User-Name" in raddb/dictionary - see the comments in there about attribute numbers - then reference that in your LDAP filters.