problems with hints file
Phil Mayers
p.mayers at imperial.ac.uk
Fri May 5 11:54:39 CEST 2006
wekz wrote:
> Hi all,
>
> I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization.
>
> I've been trying to use hints.file for changing the User-Name. When a
> laptop user who is in a domain tries to do a peap authentication,
> windows sends a User-Name that follows this pattern (at least the ones
> I've seen):
>
> DOMAIN\5c\5cLOGIN
>
> I'm trying to catch up the LOGIN name so the radius can perform a search
> in ldap.
>
> I've modified hints.file including this line:
>
> DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)"
>         User-Name := "%{2}"

I assume you didn't mean "5c" but the body of your mail appears to have
been corrupted along the way.

>
>
> The problem is that this rule matches but it changes the User-Name for
> an empty string.

I believe that should be:

DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)"
        User-Name = `%{2}`

HOWEVER - you should almost certainly be using the "realm" module to do
this. The default config has "realm ntdomain {" ...config lines defined.
If you put this in "authorize" like so:

authorize {
        preprocess
        ntdomain
        # other modules
}

...then add this in proxy.conf:

realm MYDOMAIN {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
        strip
}

...you can then use the following in e.g. the ldap config:

ldap {
        # other config
        # NOTE: the expansion means "Stripped-User-Name OR User-Name"
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
        # other config
}
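
Added example (not part of the original post and not FreeRADIUS code): a Python sketch of the flow described above, i.e. the ntdomain prefix split, the "strip" option for a configured realm, and the "Stripped-User-Name OR User-Name" fallback in the ldap filter. The function names, the exact-match realm lookup, the RFC 4515 escaping step and the sample user names are assumptions made for the sketch.

```python
# Added sketch: models the ntdomain split, "strip", and the
# %{Stripped-User-Name:-%{User-Name}} fallback. Not FreeRADIUS source.

KNOWN_REALMS = {"MYDOMAIN"}  # realm declared in proxy.conf in the post


def ntdomain_strip(attrs, realms=KNOWN_REALMS):
    """Return a copy of attrs with Stripped-User-Name added when the text
    before the first backslash is a configured realm (exact match here,
    which is a simplification of this sketch)."""
    out = dict(attrs)
    realm, sep, login = attrs["User-Name"].partition("\\")
    if sep and login and realm in realms:
        out["Stripped-User-Name"] = login
    return out


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters as \\XX hex pairs.
    A literal backslash becomes \\5c, '*' becomes \\2a, and so on."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def build_filter(attrs):
    """Use Stripped-User-Name when set and non-empty, else User-Name."""
    name = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    return "(sAMAccountName=%s)" % ldap_escape(name)


if __name__ == "__main__":
    # Constructed sample user names, not taken from the thread.
    for user in ("MYDOMAIN\\alice", "OTHER\\bob", "carol"):
        print(user, "->", build_filter(ntdomain_strip({"User-Name": user})))
```

A name whose prefix is not a configured realm is left unstripped, so the whole DOMAIN\LOGIN string reaches the directory search, with its backslash escaped, and matches no sAMAccountName.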