Thanks. I will try this. The subject line was because I was trying to match it to a realm and thought by doing it that way I could get it to strip off what I needed.
On Saturday, March 16, 2013, Phil Mayers <p.may...@imperial.ac.uk> wrote: > On 03/15/2013 10:47 PM, Matthew Ceroni wrote: >> >> Well I found something that appears to work. I used the hints file. And >> it correctly stripped off the host/ and domain.local. >> >> However now I get the error >> >> [eap] Identity does not match User-Name, setting from EAP Identity >> [eap] Failed in handler > > Modifying the "User-Name" attribute is a bad idea. It will, as you have seen, break EAP. > > Use another attribute - maybe define your own local one (see raddb/dictionary and pay attention to the comments about numbering). > > You were previously using Stripped-User-Name - just keep using that, and move the "unlang" you wrote to the top of the "authorize" section i.e.: > > authorize { > if (User-Name =~ /^h.../) { > ... > } > ... > } > > One other alternative is to leave the username alone, and use the xlat provided by the mschap module; specifically this: > > %{mschap:User-Name} > > ...will expand this: > > host/name.domain.com > > ...to this: > > name$ > > Note the trailing dollar sign, which is windows-speak for "machine account". This is required if, for example, you use Samba/ntlm_auth, which requires "--username=host$" as the CLI argument. > > I'm not sure what any of this has to do with the subject line, btw... > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html