<HTML><HEAD>
<META content="text/html; charset=iso-8859-15" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16671"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI">
<DIV>Hi All,</DIV>
<DIV> </DIV>
<DIV> I am trying to strip the domain name from a userid in the most efficient way possible. I am using version 2.1.1. I have tried using the hints file with regular expressions. </DIV>
<DIV>ex.</DIV>
<DIV>DEFAULT User-Name =~ "([A-Za-z1-9]+)"<BR> User-Name := "%{2}"</DIV>
<DIV> </DIV>
<DIV> In RegexBuddy it shows two matches. I specify the second match, and in the debug output it fails and does not show any username.</DIV>
<DIV> </DIV>
<DIV> I then found another reference to strip the domain from the LDAP module as shown below:</DIV>
<DIV> filter = "(cn=%{mschap:User-Name:-%{User-Name}}<BR># filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"</DIV>
<DIV> </DIV>
<DIV> I am using MSCHAPv2 and it seems to pass the correct username to the LDAP server. It looks like there is some other place I need to strip the domain besides the LDAP lookup, or else the replies are using the stripped name and it is failing that way as well. Either way, it still is not working. If I un-comment the stripped-user-name and use a supplicant that strips the domain prior to sending it, it does work, so RADIUS is working, just not with the standard Windows supplicant on XP.</DIV>
<DIV> </DIV>
<DIV><BR>Listening on accounting address * port 1813<BR>Listening on proxy address * port 1814<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host 172.17.17.66 port 1645, id=198, length=157<BR> User-Name = "LPDOT1XTEST\\dotxuser"<BR> Service-Type = Framed-User<BR> Framed-MTU = 1500<BR> Called-Station-Id = "00-1C-B1-5A-8E-05"<BR> Calling-Station-Id = "64-31-50-6E-DA-7A"<BR> EAP-Message = 0x0202001a014c50444f543158544553545c626c69747472656c6c<BR> Message-Authenticator = 0x7041a9eaea23f1896725936e06e3f1dc<BR> NAS-Port-Type = Ethernet<BR> NAS-Port = 50005<BR> NAS-IP-Address = 10.20.90.37<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[suffix] No '@' in User-Name = "LPDOT1XTEST\dotxuser", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 2 length 26<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>++[unix] returns notfound<BR>++[files] returns noop<BR>[ldap] performing user authorization for LPDOT1XTEST\dotxuser<BR>[ldap] expand: (cn=%{mschap:User-Name:-%{User-Name}} -> (cn=dotxuser<BR>[ldap] expand: ou=users,o=musd -> ou=users,o=musd<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting LDAP reconnection<BR>rlm_ldap: (re)connect to 172.17.17.1:636, authentication 0<BR>rlm_ldap: setting TLS mode to 1<BR>rlm_ldap: setting TLS CACert File to /etc/raddb/certs/rootder2.b64<BR>rlm_ldap: bind as cn=ldproxy,ou=somecx,o=cx/password! to 172.17.17.1:636<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: performing search in ou=users,o=musd, with filter (cn=dotxuser<BR>rlm_ldap: ldap_search() failed: Bad search filter: (cn=dotxuser<BR>[ldap] search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>++[ldap] returns fail<BR>Using Post-Auth-Type Reject<BR>+- entering group REJECT {...}<BR>[attr_filter.access_reject] expand: %{User-Name} -> LPDOT1XTEST\dotxuser<BR> attr_filter: Matched entry DEFAULT at line 11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of request 0 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Sending delayed reject for request 0<BR>Sending Access-Reject of id 198 to 172.17.17.66 port 1645<BR>Waking up in 4.9 seconds.<BR>Cleaning up request 0 ID 198 with timestamp +20<BR>Ready to process requests.</DIV>
<DIV> </DIV>
<DIV> And yes, I am pretty new to FreeRADIUS.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Brett Littrell</DIV>
<DIV>Network Manager</DIV>
<DIV>MUSD</DIV>
<DIV>CISSP, CCSP, CCVP, MCNE</DIV></BODY></HTML>