Upgrade to v2.1.9 - ntdomain logon issues

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Sep 8 20:35:04 CEST 2010


Hi,

> [copy.user-name]        expand: %{User-Name} -> SMB001\bob
> copy.user-name: Added attribute Stripped-User-Name with value 'SMB001\bob'
> ++[copy.user-name] returns ok
> [add-dollar-sign]       expand: ^(host/.*) -> ^(host/.*)
> add-dollar-sign: Does not match: Stripped-User-Name = SMB001\bob
> ++[add-dollar-sign] returns ok
> [strip-realm-name]      expand: ^(.*[\/]+) -> ^(.*[\/]+)
> strip-realm-name: Changed value for attribute Stripped-User-Name from
> 'SMB001\bob' to 'bob'
> ++[strip-realm-name] returns ok

WARNING - ALERT - WARNING

those particular filters look way way too familiar to me.  they look like
some kind of FreeRADIUS 1.0.x hack that I would have told someone to put into
their config back in around 2007 or so.

you do not need that sort of stuff in FreeRADIUS 2.x 

what you are doing is messing around with the EAP identity 
and thus EAP will break. 

I'd advise that you take a nice clean FreeRADIUS 2 config, then edit the
small parts that you need to edit to get a working system - 

clients.conf

so that NAS devices can talk to it

eap.conf

so that your EAP is correct

then the ldap files - as you appear to use LDAP.

there might be some other minor bits that need tweaking...but that'll
be fairly obvious when you throw test clients at it


alan



More information about the Freeradius-Users mailing list