Re: Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller
david.barbion@adeoservices.com wrote:
> Hello,
> The problem is when a computer tries to authenticate, the User-Name sent
> is "host//computername/", but in ldap we have entries like
> /computername/$. So we have some attr_rewrite that removes host/ and
> adds the dollar sign.
Why? You can just create a *new* attribute, Stripped-User-Name, with
the updated contents. Then, configure the ldap module to look first for
Stripped-User-Name, and then User-Name:
    foo = "... %{Stripped-User-Name:-%{User-Name}} ..."
See doc/variables.txt
> rlm_ldap finds correctly the entry, but EAP
> complains about the user name change: "*rlm_eap: Identity does not match
> User-Name, setting from EAP Identity.**
> rlm_eap: Failed in handler"
Then... don't edit the User-Name. There's no need to edit it.
Alan DeKok.
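
Added example (not part of the original message, and not the poster's or the FreeRADIUS project's own configuration): one way to apply the advice above, assuming a FreeRADIUS 2.x server with unlang, an LDAP module instance named "ldap", and "uid" as the lookup attribute. The regex also drops an optional DNS suffix after the computer name, which goes slightly beyond the "host/computername" case described in the thread.

```conf
# Assumptions: FreeRADIUS 2.x (unlang), stock file layout, LDAP lookup on "uid".

# --- sites-enabled/default ---
authorize {
    # Machine logins arrive as "host/<name>", optionally followed by a
    # DNS suffix. Build the LDAP lookup name ("<name>$") in a separate
    # attribute and leave User-Name exactly as the supplicant sent it.
    if (User-Name =~ /^host\/([^.]+)/) {
        update request {
            Stripped-User-Name := "%{1}$"
        }
    }

    ldap    # searches with Stripped-User-Name when it exists
    eap     # still sees the untouched User-Name, so it matches the EAP Identity
}

# --- modules/ldap ---
ldap {
    # ... server, basedn, identity, password as already configured ...

    # Prefer Stripped-User-Name and fall back to User-Name for ordinary
    # user logins, where the authorize block above does not set it.
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
```

Running the server with "radiusd -X" shows the expanded filter in the debug output, which confirms that the LDAP search uses "computername$" while the request's User-Name is unchanged.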