How does Stripped-User-Name get evaluated?

Alan Buxey alan.buxey at gmail.com
Tue Apr 17 19:18:51 CEST 2018


hi,

%{%{Stripped-User-Name}:-%{User-Name}}

that statement means use stripped-user-name (if it exists) else use user-name

stripped-user-name gets created from user-name via a set of
checks/redacts etc based on entries in eg proxy.conf
and various other settings (eg in mschap) - which will populate the
stripped-user-name

you've also got eg mschap:user-name which may be, eg in the
inner-tunnel, a suitable candidate too

alan

On 17 April 2018 at 14:59, Nick Howitt <nick at howitts.co.uk> wrote:
> I am doing an ldap lookup with /etc/raddb/mods-available/ldap:
>     user {
>         base_dn = "${..base_dn}"
>         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
> It comes back correctly with a simple username, but with a Domain username
> such as "test/MINI-1.CLEARSYSTEM" it always tries to look up user
> "test/MINI-1.CLEARSYSTEM".
>
> Changing
>
>    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
> to
>
>    filter = "(uid=%{Stripped-User-Name})"
>
> looks up a blank user and
>
>    filter = "(uid=%{User-Name})"
>
> looks up user "test/MINI-1.CLEARSYSTEM" which fails.
> I think the function creating Stripped-User-Name is not
> being called. If so, how can I fix it?
>
> Thanks,
>
> Nick

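An added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the nested `%{%{Stripped-User-Name}:-%{User-Name}}` fallback, reproducing the three filter results reported above when Stripped-User-Name is unset. The stripped value `test` is an assumed sample, and the model handles only plain attribute references and `:-`.

```python
# Simplified model of %{...} expansion with the ":-" fallback.
# Added illustration only; this is not FreeRADIUS source code.

def _find_close(s, start):
    """Return the index of the '}' closing the '%{' whose body begins at start."""
    depth, i = 1, start
    while i < len(s):
        if s.startswith("%{", i):
            depth, i = depth + 1, i + 2
            continue
        if s[i] == "}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unterminated %{ in " + repr(s))

def _split_alt(body):
    """Split 'first:-fallback' at the top-level ':-' (fallback None if absent)."""
    depth, i = 0, 0
    while i < len(body):
        if body.startswith("%{", i):
            depth, i = depth + 1, i + 2
            continue
        if body[i] == "}":
            depth -= 1
        elif depth == 0 and body.startswith(":-", i):
            return body[:i], body[i + 2:]
        i += 1
    return body, None

def expand(template, attrs):
    """Expand every %{...} in template against the request attributes."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _find_close(template, i + 2)
            first, fallback = _split_alt(template[i + 2:end])
            if fallback is None:
                out.append(attrs.get(first, ""))  # unset attribute -> empty string
            else:  # use the first expansion unless it is empty
                out.append(expand(first, attrs) or expand(fallback, attrs))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

FILTER = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
unstripped = {"User-Name": "test/MINI-1.CLEARSYSTEM"}   # value from the thread
stripped = dict(unstripped, **{"Stripped-User-Name": "test"})  # assumed sample
```

With `unstripped`, the fallback form and the bare `%{User-Name}` form both yield the full name, and the bare `%{Stripped-User-Name}` form yields an empty uid, which is the pattern to expect when nothing has populated Stripped-User-Name.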
