James Cort <james.cort@u4eatech.com> wrote:
The problem I am having is that I cannot figure out how to get both the LDAP backend and the EAP parts working simultaneously. If I enable the "with_ntdomain_hack" option, LDAP works but EAP gives the "rlm_eap: Identity does not match User-Name, setting from EAP Identity." error. Removing the with_ntdomain_hack option results in the log below.
Ah, you have DOMAIN\user logging in, and your LDAP server knows about "user". Try the following in "hints": DEFAULT User-Name =~ "\\(.*)$" Menu = "%{1}" Then in radiusd.conf, do: ... ldap { ... filter = "(uid=%{Menu:-%u})" ... Yes, "menu' is a bad name, but it should work. The idea is to grab the "user" from "DOMAIN\user", and to stuff it into another attribute. Then, use that attribute as the username in the LDAP filter, rather than User-Name. Alan DeKok.