Problems with User-Name/Stripped-User-Name
Erling Paulsen
erling.paulsen at cc.uit.no
Wed Jul 27 13:44:11 CEST 2005
Hello.
Is it possible to have the stripped username stored somewhere, even
if I set 'nostrip' for a realm in proxy.conf?
My setting is this, and this is the only problem I have left on my server:
01 I have a realm example.com, and this realm has 'nostrip' in it's
definition in proxy.conf
02 If I detect it's an EAP request I proxy it to another realm (in the
users file) and this works great - as 'user at example.com'.
03 If it's not an EAP request I want the local LDAP module to handle the
request, just that I now need the stripped username, and the realm has
already made it 'nostrip'. Here I want just 'user' instead of
'user at example.com'.
If I change the filter in the LDAP module to match on
%{Stripped-User-Name}, then this is offcourse empty. It would be nice to
%have some way to make both User-Name and Stripped-User-Name exist at the
%same time.
If I remove the 'nostrip' from the realm it works for local ldap module
handling but not for proxy to remote server for EAP, because that server
requires the full non-stripped username.
Any hints as to fix this little problem?
- Erling
--
----------------|sig|---
Erling.Paulsen at cc.uit.no
Nettseksjonen, ITavd UiT
More information about the Freeradius-Users
mailing list