Freeradius + AD authentication passing Domain+User

Alejandro Cabrera Obed aco1967 at gmail.com
Thu Jun 22 16:49:30 CEST 2017


Thanks to all, Iwill try later and I will follow your advice.

Any failure, I'll keep in touch with you again.

Regards!!!

2017-06-22 11:46 GMT-03:00 Enrico Polesel <epol.lists at gmail.com>:

> Hi all,
>
> On Thu, Jun 22, 2017 at 4:11 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > >
> > > Sending Access-Request of id 220 to 127.0.0.1 port 1812
> > >        User-Name = "alejandro at domain.com <alcabrera at g-bapro.net>"
> >
> >   Is the account in AD called "alejandro at domain.com"?  Or is it just
> > alejandro ?
> >
> >   Again... if you're testing a user in AD, you just need to test with the
> > username that's in AD.  There is simply no reason to do anything else.
> >
>
> Remember that AD has TWO usernames: the sAMAccountName (old style NetBios)
> and the userPrincipalName (new style, kerberos), the latest also includes
> the domain.
>
> BUT windbind (and ntlm_auth) uses the sAMAccountName username, so be sure
> to pass that name and not the new userPrincipalName.
>
> Cheers,
> Enrico
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>



-- 
 //  Alejandro   //


More information about the Freeradius-Users mailing list