Removing domain prefix from login
Phil Mayers
p.mayers at imperial.ac.uk
Thu Nov 10 17:43:56 CET 2011
Ok, your debug says:
rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21,
length=218
Framed-MTU = 1480
NAS-IP-Address = 172.20.40.11
NAS-Identifier = "SW-Priv-1-1"
User-Name = "OPTARE\\brouco"
<snip>
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
Why is preprocess returning "ok".
What are you doing in the hints module?
Are you modifying the username field? A few lines later it says:
[ldap] expand: %{User-Name} -> brouco
If you're modifying the username, you can't do that. It will break EAP,
which is why it says:
[eap] Identity does not match User-Name, setting from EAP Identity.
...then fails.
I assume you want to strip "DOMAIN\" so that you can do LDAP? You CANNOT
modify the User-Name field. You MUST used the Stripped-User-Name field,
and leave the User-Name field alone.
More information about the Freeradius-Users
mailing list