EAP identity - username check

Alan DeKok aland at deployingradius.com
Wed Aug 9 18:07:16 CEST 2006


"Carl Wahlin" <carl_wahlin at hotmail.com> wrote:
> Hello,We are trying to get machine certificates to with freeradius for WLAN=
> .Problem:We are using the sql user database plugin as we need to return att=
> ributes (which vlan the user belongs to, QoS etc) and it all works fine unt=
> ill we install the certificates as machine certs. Windows changes the User-=
> Name to host/username and that causes the username not to be correct accord=
> ing to what is in the database, and also the User-Name does not match the c=
> n in the cert.

  That's why the SQL-User-Name attribute exists.  Don't change the
User-Name in the request, which keeps the EAP identity check happy.

  e.g.

  sql_user_name = %{mschap:User-Name:-%{User-Name}}

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog




More information about the Freeradius-Users mailing list