Problems with User-Name/Stripped-User-Name

Nicolas Baradakis nbk at
Thu Jul 28 12:26:48 CEST 2005

Erling Paulsen wrote:

> Only that, if there is a 'Stripped-User-Name' attribute in the request, it
> seems that the server automatically uses this instead of 'User-Name' when
> proxying.

Ah, yes. I didn't know the server does that.

Question for Alan: in src/main/proxy.c should we check the value
of realm.striprealm before overwriting the User-Name with the

> I fixed it a little "dirty" by rewriting the stripped username to
> the 'Hint' attribute - using %{Hint} in the ldap filter, and then
> 'User-Name' can be used in all its full glory for EAP proxy to the remote
> server.
> If I ever must use the Hint attr I will remake a better solution.

You could add an additional attribute at the end of /etc/raddb/dictionnary
for that purpose.

Nicolas Baradakis

More information about the Freeradius-Users mailing list