Stripped-User-Name not set when using nostrip?

Phil Mayers p.mayers at imperial.ac.uk
Wed Jul 3 22:11:13 CEST 2013


On 03/07/2013 18:17, Júlíus Þór Bess Ríkharðsson wrote:
>
>
>
> On 03/07/13 16:24, Júlíus Þór Bess Ríkharðsson wrote:
>>> Hi,
>>>
>>> For some reason I cannot get Stripped-User-Name attribute to get
>>> populated when using nostrip for a realm. Is this normal
>>> behaviour or am I missing something?
>
>> Normal. "nostrip" means "don't populate Stripped-User-Name"
>
> Phil: When I unset nostrip the User-Name attribute gets stripped. So
> it made sense to me that nostrip would apply to User-Name but would
> still give the option of Stripped-User-Name.

I don't understand this.

The source code is pretty clear:

https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/modules/rlm_realm/rlm_realm.c#L172

The "User-Name" attribute isn't touched; a new Stripped-User-Name 
attribute is used.

As I said, request->username is updated, but I'm pretty sure nothing 
much uses this; I'm sure the EAP "identity == username" check doesn't:

https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/modules/rlm_eap/eap.c#L1000

...explicitly compares to User-Name, not Stripped-User-Name.

Have you actually *tried* this, because it should work. If it doesn't, 
it's likely a problem in your local config.


More information about the Freeradius-Users mailing list