Problems with User-Name/Stripped-User-Name
Nicolas Baradakis
nbk at sitadelle.com
Thu Jul 28 12:26:48 CEST 2005
Erling Paulsen wrote:
> Only that, if there is a 'Stripped-User-Name' attribute in the request, it
> seems that the server automatically uses this instead of 'User-Name' when
> proxying.
Ah, yes. I didn't know the server does that.
Question for Alan: in src/main/proxy.c should we check the value
of realm.striprealm before overwriting the User-Name with the
Stripped-User-Name?
> I fixed it a little "dirty" by rewriting the stripped username to
> the 'Hint' attribute - using %{Hint} in the ldap filter, and then
> 'User-Name' can be used in all its full glory for EAP proxy to the remote
> server.
>
> If I ever must use the Hint attr I will remake a better solution.
You could add an additional attribute at the end of /etc/raddb/dictionnary
for that purpose.
--
Nicolas Baradakis
More information about the Freeradius-Users
mailing list