problems with hints file

Phil Mayers p.mayers at
Fri May 5 11:54:39 CEST 2006

wekz wrote:
> Hi all,
> I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization.
> I've been trying to use hints.file for changing the User-Name. When a 
> laptop user which is in a domain tries to do a peap authentication, 
> windows sends a User-Name that follows this pattern (at least the ones 
> I've seen):
>                                              DOMAIN\5c\5cLOGIN
> I'm trying to catch up the LOGIN name so the radius can perform a search 
> in ldap.
> I've modified hints.file including this line:
>     DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)"
>             User-Name := "%{2}"

I assume you didn't mean "5c" but the body of your mail appears to have 
been corrupted along the way.

> The problem is that this rule matches but it changes the User-Name for 
> an empty string.

I believe that should be:

DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)"
         User-Name = `%{2}`

HOWEVER - you should almost certainly be using the "realm" module to do 
this. The default config has "realm ntdomain {" ...config lines defined. 
If you put this in "authorize" like so:

authorize {
   # other modules
   ntdomain
}

...then add this in proxy.conf:

realm MYDOMAIN {
   type = radius
   authhost = LOCAL
   accthost = LOCAL
}

...you can then use the following in e.g. the ldap config:

  ldap {
    # other config

    # NOTE: the expansion means "Stripped-User-Name OR User-Name"
    filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

    # other config
  }
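
Added example, not part of the original post and not FreeRADIUS code: a Python model of the realm approach above, showing which value reaches the `sAMAccountName` filter for stripped and unstripped names. Assumptions: a prefix realm with a backslash delimiter, stripping only for realms listed in proxy.conf, and RFC 4515 escaping of the filter value; the function names and sample names are hypothetical.

```python
"""Model: split DOMAIN\\login, apply the Stripped-User-Name fallback, build the filter."""

# RFC 4515 escapes for characters that are special inside an LDAP search filter.
# Note that "\5c" is the escaped form of a single backslash.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def split_ntdomain(user_name, known_realms):
    """Return the request attributes after prefix-realm stripping.

    Assumption: only realms present in known_realms (the proxy.conf entries
    in the post) are stripped; anything else leaves User-Name untouched.
    """
    attrs = {"User-Name": user_name}
    realm, sep, login = user_name.partition("\\")
    if sep and login and realm in known_realms:
        attrs["Realm"] = realm
        attrs["Stripped-User-Name"] = login
    return attrs


def escape_filter_value(value):
    """Escape a value so it is treated as data, not filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attrs):
    """Model of "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"."""
    name = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    return "(sAMAccountName=%s)" % escape_filter_value(name)


# Constructed sample User-Name values, not taken from the thread.
SAMPLES = ["MYDOMAIN\\alice", "alice", "OTHER\\bob", "MYDOMAIN\\al*"]

if __name__ == "__main__":
    for raw in SAMPLES:
        attrs = split_ntdomain(raw, {"MYDOMAIN"})
        print("%-18r -> %s" % (raw, build_filter(attrs)))
```

A name whose realm is not configured falls back to the full User-Name, so the filter carries the escaped backslash and will not match a bare account name.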
