FreeRadius 2.1.6 + EAP-PEAP issue
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Jul 9 12:50:07 CEST 2009
Hi,
> That entry alters User-Name and shouldn't be used with EAP. It works fine
> with plain mschap but not here.
>
> Enable ntdomain in inner-tunnel virtual server (just under suffix) and
> create a local domain in proxy.conf:
>
> realm csd-notebook {
> }
i think his issue was that REALM could be anything random
from the laptop - ie its the machine name not a proper
set DOMAIN
gregs-machine\blurky
my-laptop\pinky
test-xp-3\adminstaff3
etc.
i think, in this case you need to use either attr rewrite
or unlang to take that value and NULL it into Stripped-User-Name
and then use Stripped-User-Name for the authentication step
(ntlm_auth) instead
though, from last looking at it, using MSCHAP:User-Name and
required AD domain in ntlm_auth worked pretty fine with
no fancy rewrites or unlang.
alan
More information about the Freeradius-Users
mailing list