Problems with User-Name/Stripped-User-Name

Erling Paulsen erling.paulsen at cc.uit.no
Wed Jul 27 13:44:11 CEST 2005


Hello.

Is it possible to have the stripped username stored somewhere, even
if I set 'nostrip' for a realm in proxy.conf?

My setting is this, and this is the only problem I have left on my server:

01 I have a realm example.com, and this realm has 'nostrip' in it's
definition in proxy.conf

02 If I detect it's an EAP request I proxy it to another realm (in the
users file) and this works great - as 'user at example.com'.

03 If it's not an EAP request I want the local LDAP module to handle the
request, just that I now need the stripped username, and the realm has
already made it 'nostrip'. Here I want just 'user' instead of
'user at example.com'.

If I change the filter in the LDAP module to match on
%{Stripped-User-Name}, then this is offcourse empty. It would be nice to
%have some way to make both User-Name and Stripped-User-Name exist at the
%same time.

If I remove the 'nostrip' from the realm it works for local ldap module
handling but not for proxy to remote server for EAP, because that server
requires the full non-stripped username.

Any hints as to fix this little problem?

- Erling
 
-- 
----------------|sig|---
Erling.Paulsen at cc.uit.no
Nettseksjonen, ITavd UiT



More information about the Freeradius-Users mailing list