Alan DeKok a écrit : Thanks for your answers.
In the radiusd.conf config file, the %{Stripped-User-Name} is correctly created from %{User-Name}.david.barbion@adeoservices.com wrote:Hello, The problem is when a computer tries to authenticate, the User-Name sent is "host//computername/", but in ldap we have entrie like /computername/$. So we have some attr_rewrite that removes host/ and adds the dollar sign.Why? You can just create a *new* attribute, Stripped-User-Name, with the updated contents. Then, configure the ldap module to look first for Stripped-User-Name, and then User-Name: foo = "... %{Stripper-User-Name:%{User-Name}} ..." See doc/variables.txt
%{User-Name} looks like "host/computername" and is not modified,
%{Stripped-User-Name} looks like "computername$"
In the ldap module, it is %{Stripped-User-Name} that is used.
I have made some tests with and without the %{User-Name} change, but nothing helpsrlm_ldap finds correctly the entry, but EAP complains about the user name change: "*rlm_eap: Identity does not match User-Name, setting from EAP Identity.** rlm_eap: Failed in handler"Then... don't edit the User-Name. There's no need to edit it. Alan DeKok.
I have another question: How does the EAP/MSCHAPV2 authentication work ? which username/password couples does it take ? and with which database does it compare to ?
Regards
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ce message et toutes les pièces jointes sont établis à l'attention exclusive de leurs destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. L'internet ne permettant pas d'assurer l'intégrité de ce message, le contenu de ce message ne représente en aucun cas un engagement de la part de Adeo Services.