FreeRADIUS + LDAP + Wireless auth

Alan DeKok aland at ox.org
Fri Mar 3 20:54:50 CET 2006


James Cort <james.cort at u4eatech.com> wrote:
> The problem I am having is that I cannot figure out how to get both the 
> LDAP backend and the EAP parts working simultaneously.  If I enable the 
> "with_ntdomain_hack" option, LDAP works but EAP gives the "rlm_eap: 
> Identity does not match User-Name, setting from EAP Identity." error.  
> Removing the with_ntdomain_hack option results in the log below.

  Ah, you have DOMAIN\user logging in, and your LDAP server knows
about "user".

  Try the following in "hints":

DEFAULT User-Name =~ "\\(.*)$"
	Menu = "%{1}"

  Then in radiusd.conf, do:

...
        ldap {
...
                filter = "(uid=%{Menu:-%u})"
...

  Yes, "Menu" is a bad name, but it should work.

  The idea is to grab the "user" from "DOMAIN\user", and to stuff it
into another attribute.  Then, use that attribute as the username in
the LDAP filter, rather than User-Name.

  Alan DeKok.
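
The mapping described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: it takes the "user" part of "DOMAIN\user", falls back to the full User-Name as `%{Menu:-%u}` does, and builds the `uid` filter. The function names and sample names are hypothetical, and the RFC 4515 escaping step is an assumption added here so that a client-supplied name cannot change the filter's structure.

```python
import re

# Same pattern as the hints entry: capture everything after a backslash.
NT_DOMAIN = re.compile(r"\\(.*)$")

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def strip_nt_domain(user_name):
    """Return the part after the backslash, or None if there is no DOMAIN prefix."""
    match = NT_DOMAIN.search(user_name)
    return match.group(1) if match else None


def escape_filter_value(value):
    """Escape a string so it is treated as literal text inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def ldap_filter(user_name):
    """Emulate filter = "(uid=%{Menu:-%u})" for one User-Name.

    Assumption: an unset or empty stripped name falls back to User-Name.
    """
    stripped = strip_nt_domain(user_name)
    uid = stripped if stripped else user_name
    return "(uid=" + escape_filter_value(uid) + ")"


if __name__ == "__main__":
    # Constructed sample names, not taken from the poster's log.
    samples = ["EXAMPLE\\jsmith", "jsmith", "EXAMPLE\\", "EXAMPLE\\*)(uid=*"]
    for name in samples:
        print(f"{name!r:24} -> {ldap_filter(name)}")
```
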



