When doing 802.1x authentication from a Windows computer it initially sends the request with the computer credentials. The username comes across as host/E4310-D7SZZN1.domain.local. I then query LDAP in authorize and do authentication against AD.
In order to do both steps the username needs to be stripped to just E4310-D7SZZN1. I was able to accomplish this by placing the following in the authorize section if ("%{request:User-Name}" =~ /^host\/(.*).domain.local$/) { update request { Stripped-User-Name = "%{1}$" } } This worked just for the authentication section as it appears this happens after the LDAP module is called in authorize. How can I get this to happen earlier in the process? Right now I am looking at the proxy.conf file and setting a realm? Would this be the area to have this done?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html