Op 15 jul 2011, om 23:25 heeft Alexander Clouter het volgende geschreven:
Serge van Namen <svnamen@snow.nl> wrote:
I accomplished to strip the username, it authenticates successfully against LDAP. But eventually it fails on EAP I think, because the username isn't the original from the request.
[snipped] users: Matched entry DEFAULT at line 7 modcall[authorize]: module "files" returns ok for request 3
What does this do?
You must not change User-Name at all...I suspect somewhere in your configuration you are doing so to try to fix another problem. If you want the User-Name to be realmless then use Stripped-User-Name or use unlang to populate something like Tmp-String-0.
DEFAULT Suffix == "@realm", Strip-User-Name = Yes, Auth-Type = "LdapY", Autz-Type = "LdapY" Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 1
rlm_ldap: - authorize rlm_ldap: performing user authorization for userA radius_xlat: '(uid=userA)' radius_xlat: 'ou=y,ou=people,dc=example,dc=com'
What are you xlat'ing? Can we see your configuration? Are you using ldap xlat to set User-Name? If so, don't!
I didn't configure any xlat'ing afaik, maybe default behavior from what I configured above?
Cheers
-- Alexander Clouter .sigmonster says: fortune: not found
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html