vlan ldap radiusd
Alexander Clouter
alex at digriz.org.uk
Fri Jul 15 23:25:18 CEST 2011
Serge van Namen <svnamen at snow.nl> wrote:
>
> I accomplished to strip the username, it authenticates successfully against LDAP.
> But eventually it fails on EAP I think, because the username isn't the original from the request.
>
> [snipped]
> users: Matched entry DEFAULT at line 7
> modcall[authorize]: module "files" returns ok for request 3
>
What does this do?
You must not change User-Name at all...I suspect somewhere in your
configuration you are doing so to try to fix another problem. If you
want the User-Name to be realmless then use Stripped-User-Name or use
unlang to populate something like Tmp-String-0.
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for userA
> radius_xlat: '(uid=userA)'
> radius_xlat: 'ou=y,ou=people,dc=example,dc=com'
>
What are you xlat'ing? Can we see your configuration? Are you using
ldap xlat to set User-Name? If so, don't!
Cheers
--
Alexander Clouter
.sigmonster says: fortune: not found
More information about the Freeradius-Users
mailing list