Proxy.conf realms
Matthew Ceroni
matthewceroni at gmail.com
Fri Mar 15 23:47:55 CET 2013
Well I found something that appears to work. I used the hints file. And it
correctly stripped off the host/ and domain.local.
However now I get the error
[eap] Identity does not match User-Name, setting from EAP Identity
[eap] Failed in handler
On Fri, Mar 15, 2013 at 3:29 PM, Matthew Ceroni <matthewceroni at gmail.com>wrote:
> When doing 802.1x authentication from a Windows computer it initially
> sends the request with the computer credentials. The username comes across
> as host/E4310-D7SZZN1.domain.local. I then query LDAP in authorize and do
> authentication against AD.
>
> In order to do both steps the username needs to be stripped to just
> E4310-D7SZZN1. I was able to accomplish this by placing the following in
> the authorize section
>
> if ("%{request:User-Name}" =~ /^host\/(.*).domain.local$/) {
> update request {
> Stripped-User-Name = "%{1}$"
> }
> }
>
> This worked just for the authentication section as it appears this happens
> after the LDAP module is called in authorize.
>
> How can I get this to happen earlier in the process? Right now I am
> looking at the proxy.conf file and setting a realm? Would this be the area
> to have this done?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130315/34565e3e/attachment.html>
More information about the Freeradius-Users
mailing list