Well I found something that appears to work. I used the hints file. And it correctly stripped off the host/ and domain.local.
However now I get the error [eap] Identity does not match User-Name, setting from EAP Identity [eap] Failed in handler On Fri, Mar 15, 2013 at 3:29 PM, Matthew Ceroni <matthewcer...@gmail.com>wrote: > When doing 802.1x authentication from a Windows computer it initially > sends the request with the computer credentials. The username comes across > as host/E4310-D7SZZN1.domain.local. I then query LDAP in authorize and do > authentication against AD. > > In order to do both steps the username needs to be stripped to just > E4310-D7SZZN1. I was able to accomplish this by placing the following in > the authorize section > > if ("%{request:User-Name}" =~ /^host\/(.*).domain.local$/) { > update request { > Stripped-User-Name = "%{1}$" > } > } > > This worked just for the authentication section as it appears this happens > after the LDAP module is called in authorize. > > How can I get this to happen earlier in the process? Right now I am > looking at the proxy.conf file and setting a realm? Would this be the area > to have this done? > >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html