EAP-TLS - About username sent by supplicant

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Dec 14 10:39:08 CET 2007


> My question deals with the username sent by the supplicant when the authentication goes on. At boot
> time, the username sent is : host/user_name. After the login, the username sent is : user_name. So, I
> have to create 2 users. I want to cut 'host/' to make this task easier. It is possible ? How do I do this ?

attr_filter or somesuch eg put these into radiusd.conf

attr_rewrite copy-user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}"

attr_rewrite remove-host {
attribute = Stripped-User-Name
searchfor = "^(host/.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}"

and then call these 2 functions in your authorize section
(radiusd.conf or sites-enabled/wherever (for FR 2.0) )


just before the other modules are called - eg chap, auth_log etc etc


More information about the Freeradius-Users mailing list