removing domain data from user name

fvt3 fvt3 at yahoo.com
Thu Jul 13 14:42:43 CEST 2006


I was able to strip the domain portion of it by having
radius execute an external script.  Here is what I
have in radius to execute the external script..

ldap    ldap_ldap1      {
                server = ""
                identity = ""
                password = ""
                #basedn = ""
                  basedn = ""
#               filter =
"(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
                 filter =
"(SamAccountName=%{exec:/usr/local/freeradius/etc/raddb
/nodomain.pl %u})"

I wrote a perl script to strip that off, using a shell
script it always add a return character which adds a
space after the uid.


--- Yedidia Klein <yedidia at jct.ac.il> wrote:

> Hello list,
> 
> 
> I'm using freeradius server as a radius server that
> forward the auth to 
> an LDAP server,
> 
> on a RH enterprise system
> (freeradius-1.0.1-1.1.RHEL3)
> 
> I want one of my service providers to authenticate
> against this radius,
> 
> After enabling some debug option I found that it
> sends me the users in 
> the form of user at domain.tld, that (of course) my
> ldap don't know and 
> refuse to auth.
> 
> Is there a way on freeradius to pass to the ldap
> server only the left 
> site of the @ sign ?
> 
> 
> I tried to use "with_ntdomain_hack = yes" in my ldap
> section on 
> radiusd.conf  w/o success.
> 
> 
> thanks,
> 
> 
> --Yedidia 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list