thanks, this way did it. --yedidia fvt3 wrote:
I was able to strip the domain portion of it by having radius execute an external script. Here is what I have in radius to execute the external script..
ldap ldap_ldap1 { server = "" identity = "" password = "" #basedn = "" basedn = "" # filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})" filter = "(SamAccountName=%{exec:/usr/local/freeradius/etc/raddb /nodomain.pl %u})"
I wrote a perl script to strip that off, using a shell script it always add a return character which adds a space after the uid.
--- Yedidia Klein <yedidia@jct.ac.il> wrote:
Hello list,
I'm using freeradius server as a radius server that forward the auth to an LDAP server,
on a RH enterprise system (freeradius-1.0.1-1.1.RHEL3)
I want one of my service providers to authenticate against this radius,
After enabling some debug option I found that it sends me the users in the form of user@domain.tld, that (of course) my ldap don't know and refuse to auth.
Is there a way on freeradius to pass to the ldap server only the left site of the @ sign ?
I tried to use "with_ntdomain_hack = yes" in my ldap section on radiusd.conf w/o success.
thanks,
--Yedidia
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html