windows domain\user change to user at domain

green green gggreen4 at gmail.com
Wed Dec 16 01:50:43 CET 2009 

*in the /etc/raddb/modules/realm file,
*
realm ntdomain {
        format = prefix
        delimiter = "\\"
}

*In the proxy.conf
*realm H1 {
       type             = radius
        nostrip
        authhost        = 1.2.3.4:1812
       accthost        = 1.2.3.4:1813
       secret          = secret1
        retry_delay = 3
        retry_count = 1
}


There are no # infront, thus already uncomment. Can you advise if anything
new thing need to do at the proxy.conf


On Wed, Dec 16, 2009 at 8:42 AM, <tnt at kalik.net> wrote:

> It does, but ntdomain is not enabled by default. You need to uncomment
> that entry in authorize.
>
> Ivan Kalik
>
> > in the /etc/raddb/modules/realm, the windows domain prefix \\ does not
> > seem
> > to work. It still get proxy to the NULL realm. But if i use user!@H1 it
> is
> > proxy correctly to H1 realm and not NULL realm. Can advise anything i
> > missed
> > out in the proxy.conf or radiusd.conf?
> >
> > *in the radius -X debug, H1\user1 does not get to proxy to H1 realm*
> > User-Name = "H1\\user1"
> >         User-Password = "password"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[chap] returns noop
> > ++[mschap] returns noop
> > [suffix] No '@' in User-Name = "H1\user1", looking up realm NULL
> > [suffix] Found realm "NULL"
> > [suffix] Adding Stripped-User-Name = "H1\user1"
> > [suffix] Adding Realm = "NULL"
> > [suffix] Proxying request from user H1\user1 to realm NULL
> > [suffix] Preparing to proxy authentication request to realm "NULL"
> >
> >
> > *In the proxy.conf
> > *
> > realm H1 {
> >        type             = radius
> >         nostrip
> >         authhost        = 1.2.3.4:1812
> >        accthost        = 1.2.3.4:1813
> >        secret          = secret1
> >         retry_delay = 3
> >         retry_count = 1
> > }
> >
> >
> > *user1 at H1 get proxy correct to H1 realm. *
> >         User-Name = "user1 at H1"
> >         User-Password = "password"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[chap] returns noop
> > ++[mschap] returns noop
> > [suffix] Looking up realm "H1" for User-Name = "user1 at H1"
> > [suffix] Found realm "H1"
> > [suffix] Adding Realm = "H1"
> > [suffix] Proxying request from user wlanH1 to realm H1
> > [suffix] Preparing to proxy authentication request to realm "H1"
> >
> >
> >
> > On Wed, Dec 16, 2009 at 7:06 AM, green green <gggreen4 at gmail.com> wrote:
> >
> >> can advise how to rewrite the username in domain\user to user at domain so
> >> that the realm can be done to proxy the radius request to the upstream
> >> radius server.
> >>
> >> or no rewrite of username is need. can the freeradius proxy based on
> >> domain\user which domain\ can be use as realm to radius proxy to
> >> upstream
> >> radius server.
> >>
> >> please advise and thanks.
> >>
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091216/30660bf8/attachment.html>

More information about the Freeradius-Users mailing list