freeradius 2 character delimiter in realm problem

2007-04-12 Thread Jacob Jarick
Hello, I am researching my current problem with freeradius not authenticating.

The user is rejected because the name is not found, our AD (w2k3)
sends usernames to freeradius in this format domainname\\username.

I have tried enabling the nt hack under the ldap section with no luck.

Reading through the comments in /etc/raddb/radiusd.conf under the ldap
module section, I found this though.

   #  Four config options:
   #   format         -  must be 'prefix' or 'suffix'
   #   delimiter      -  must be a single character
   #   ignore_default -  set to 'yes' or 'no'
   #   ignore_null    -  set to 'yes' or 'no'

And the setting for realm ntdomain:

   #
   #  'domain\user'
   #
   realm ntdomain {
           format = prefix
           delimiter = \\
           ignore_default = no
           ignore_null = no
   }

So this leads me to two questions.

1. Is \\ actually \ escaped?
2. Can you have 2-character delimiters (despite what the config comments claim)?

Cheers for any info.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius 2 character delimiter in realm problem

2007-04-12 Thread Alan DeKok
Jacob Jarick wrote:
> Hello, I am researching my current problem with freeradius not authenticating.
>
> The user is rejected because the name is not found, our AD (w2k3)
> sends usernames to freeradius in this format domainname\\username.

  That's not a 2-character delimiter.  It's a backslash, escaped.

> I have tried enabling the nt hack under the ldap section with no luck.

  There's an nt hack in the LDAP section?

> 1 Is \\ actually \ escaped ?

  Yes.

> 2 can you have 2 character delimiters (despite what the config comments claim)

  No.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: freeradius 2 character delimiter in realm problem

2007-04-12 Thread Jacob Jarick
How would I then tell radius to remove the domain\\ from domain\\user?

On 4/13/07, Alan DeKok wrote:
> Jacob Jarick wrote:
> > Hello, I am researching my current problem with freeradius not
> > authenticating.
> >
> > The user is rejected because the name is not found, our AD (w2k3)
> > sends usernames to freeradius in this format domainname\\username.
>
>   That's not a 2-character delimiter.  It's a backslash, escaped.
>
> > I have tried enabling the nt hack under the ldap section with no luck.
>
>   There's an nt hack in the LDAP section?
>
> > 1 Is \\ actually \ escaped ?
>
>   Yes.
>
> > 2 can you have 2 character delimiters (despite what the config comments
> > claim)
>
>   No.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog


Re: freeradius 2 character delimiter in realm problem

2007-04-12 Thread Alan DeKok
Jacob Jarick wrote:
> How would I then tell radius to remove the domain\\ from domain\\user

  Configure the ntdomain instance of the realms module, and make
sure it's listed in the authorize section.  Then, configure the realm
by name in proxy.conf.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
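
The three steps from the last reply, written out as configuration. This is an added example, not part of the thread and not taken from the posters' servers; it assumes the FreeRADIUS 1.x file layout under /etc/raddb, and the realm name EXAMPLEDOMAIN and the LDAP filter line are assumptions to adapt.

```conf
# ---- /etc/raddb/radiusd.conf ----
modules {
	# Step 1: the ntdomain instance of the realm module.
	# The delimiter is ONE character: a backslash, written escaped.
	realm ntdomain {
		format = prefix
		delimiter = "\\"
		ignore_default = no
		ignore_null = no
	}

	ldap {
		# ... existing server / basedn / bind settings unchanged ...

		# Assumption: look the user up by the stripped name when the
		# realm module produced one, otherwise by the name as sent.
		filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
	}
}

# Step 2: list the instance in authorize, before the module that
# looks the user up, so the domain prefix is split off first.
authorize {
	preprocess
	ntdomain
	ldap
}

# ---- /etc/raddb/proxy.conf ----
# Step 3: define the realm by name. EXAMPLEDOMAIN is a placeholder for
# the text that appears before the backslash in User-Name.
# LOCAL means "handle the request on this server, do not proxy it".
realm EXAMPLEDOMAIN {
	type     = radius
	authhost = LOCAL
	accthost = LOCAL
}
```

Running the server in debug mode (radiusd -X) shows whether the realm was matched and which user name the later modules received.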