problems with hints file
wekz
fbl.list at gmail.com
Mon May 8 15:58:44 CEST 2006
Ok Phil. That works fine, thanks.
I had to enable with_ntdomain_hack too.
2006/5/5, Phil Mayers <p.mayers at imperial.ac.uk>:
> wekz wrote:
> > Hi all,
> >
> > I use freeradius1.1.1 + ldap. And peap or eap-tls for authorization.
> >
> > I've been trying to use hints.file for changing the User-Name. When a
> > laptop user which is in a domain tries to do a peap authentication,
> > windows sends a User-Name that follows this pattern (at least the ones
> > I've seen):
> >
> > DOMAIN\5c\5cLOGIN
> >
> > I'm trying to catch up the LOGIN name so the radius can perform a search
> > in ldap.
> >
> > I've modified hints.file including this line:
> >
> > DEFAULT User-Name =~ "^([^\\]+)\\5c\\5c([^\\]+)"
> >         User-Name := "%{2}"
>
> I assume you didn't mean "5c" but the body of your mail appears to have
> been corrupted along the way.
>
> >
> >
> > The problem is that this rule matches but it changes the User-Name to
> > an empty string.
>
> I believe that should be:
>
> DEFAULT User-Name =~ "^([^\\]+)\\\\([^\\]+)"
>         User-Name = `%{2}`
>
> HOWEVER - you should almost certainly be using the "realm" module to do
> this. The default config has "realm ntdomain {" ...config lines defined.
> If you put this in "authorize" like so:
>
> authorize {
>     preprocess
>     ntdomain
>     # other modules
> }
>
> ...then add this in proxy.conf:
>
> realm MYDOMAIN {
>     type = radius
>     authhost = LOCAL
>     accthost = LOCAL
>     strip
> }
>
> ...you can then use the following in e.g. the ldap config:
>
> ldap {
>     # other config
>
>     # NOTE: the expansion means "Stripped-User-Name OR User-Name"
>     filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>
>     # other config
> }
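
A simplified model of what the ntdomain realm strip and the %{Stripped-User-Name:-%{User-Name}} filter quoted above do to a DOMAIN\login name, added here as an example; it is not part of the original thread and not FreeRADIUS code. KNOWN_REALMS, the function names and the sample user names are assumptions, and the exact-match realm lookup is a simplification.

```python
import re

# Constructed realm list; MYDOMAIN mirrors the proxy.conf realm quoted above.
KNOWN_REALMS = {"MYDOMAIN"}

# RFC 4515 escapes for characters that are special inside an LDAP search filter.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# DOMAIN\login with a single backslash delimiter, as an NT-style name arrives.
NT_NAME = re.compile(r"^([^\\]+)\\([^\\]+)$")


def ldap_escape(value):
    """Escape a value before it is placed inside a search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def strip_nt_realm(user_name):
    """Return (realm, stripped_name); (None, None) when nothing is stripped."""
    m = NT_NAME.match(user_name)
    # Only a realm that is configured (here: listed in KNOWN_REALMS) is stripped.
    if m and m.group(1) in KNOWN_REALMS:
        return m.group(1), m.group(2)
    return None, None


def build_filter(user_name):
    """Model the filter: Stripped-User-Name if set, otherwise User-Name."""
    _realm, stripped = strip_nt_realm(user_name)
    name = stripped if stripped else user_name  # the ":-" fallback
    return "(sAMAccountName=%s)" % ldap_escape(name)


if __name__ == "__main__":
    # Constructed sample names: known realm, no realm, unknown realm.
    for sample in (r"MYDOMAIN\alice", "bob", r"OTHER\carol"):
        print("%-16s -> %s" % (sample, build_filter(sample)))
```

When the realm is not configured, the name is not stripped and the whole DOMAIN\login string, with its backslash escaped, goes into the sAMAccountName filter, so the LDAP search will not find the user.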