AW: Since 2 Month noone any idea how to do this ? Stripping Username Question *important*

James J J Hooper jjj.hooper at bristol.ac.uk
Sat Jul 22 13:28:51 CEST 2006 


--On Saturday, 22 July 2006 11:19 +0200 Krämer Armin <Kraemer.Armin at web.de> 
wrote:

> Thanks, i tried out this now and got the following warning:
>
>
> rlm_ldap: performing user authorization for host/notebook-armin
> Sat Jul 22 12:25:24 2006 : Debug: WARNING: Attempt to use unknown xlat
> function, or non-existent attribute in string %{mschap:User-Name}
> Sat Jul 22 12:25:24 2006 : Debug: radius_xlat:
> '(&(uid=)(objectclass=radiusprofile))'
> Sat Jul 22 12:25:24 2006 : Debug: radius_xlat:
> 'ou=users,ou=radius,dc=ak-server,dc=de'
>
>
> And the search finishes with "NOT FOUND"
>
>
> rlm_ldap: waiting for bind result ...
> Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: Bind was successful
> Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: performing search in
> ou=users,ou=radius,dc=ak-server,dc=de, with filter
> (&(uid=)(objectclass=radiusprofile))
> Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: object not found or got
> ambiguous search result
> Sat Jul 22 12:25:24 2006 : Debug: rlm_ldap: search failed
>
>
> Any idea fort this? Looks like the searchString is complete emty now??
>
> I made an LDAP Entry which looks like " uid=host/notebook-armin$ "
>
> Thanks for answering!
>
> Greetings
>
> Armin
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: freeradius-users-bounces+kraemer.armin=web.de at lists.freeradius.org
> [mailto:freeradius-users-bounces+kraemer.armin=web.de at lists.freeradius.or
> g] Im Auftrag von James J J Hooper
> Gesendet: Samstag, 22. Juli 2006 10:31
> An: FreeRadius users mailing list
> Betreff: Re: Since 2 Month noone any idea how to do this ? Stripping
> Username Question *important*
>
>
>
> --On Saturday, 22 July 2006 09:23 +0200 Krämer Armin
> <Kraemer.Armin at web.de>  wrote:
>
>>
>> Hi,
>>
>> im working with machine authentication and EAP-TLS Zertifikates.
>>
>> When a machine authenticates  I get the name of the mchine like
>> "host/250-IT"  and the search String on LDAP is like "host/250-IT".
>>
>> I nee the searchString at LDAP like 250-IT$. How can I strip away that
>> host/ and add $ for the search at the LDAP Directory?
>>
>
> In your LDAP section of radiusd.conf, replace this:
> %{Stripped-User-Name:-%{User-Name}}
> with this:
> %{Stripped-User-Name:-%{mschap:User-Name}}
>
> Regards,
>    James


Sorry, what i suggested may only work in the mschap section, not in the 
LDAP bit... :(


James.

More information about the Freeradius-Users mailing list