ntdomain_hack

wekz fbl.list at gmail.com
Thu May 18 10:19:57 CEST 2006


Hello everyone,

I've configured a freeradius 1.1.1 + LDAP for eap-tls authentication with
domains.

authorize {
   preprocess
   ntdomain
   ...
}

realm host {
   type = radius
   authhost = LOCAL
   accthost = LOCAL
   strip
}


This configuration gives an error:

    rlm_eap: Identity does not match User-Name, setting from EAP Identity.

When I enable with_ntdomain_hack in eap.conf it works quite well.  Could
anyone tell me why it's necessary?

The problem is that this secondary_radius does proxy when it doesn't find the
user in its LDAP and the master_radius gives this error:

    rlm_eap: Identity does not match User-Name, setting from EAP Identity.


I've tried in master_radius the same configuration with and without
ntdomain_hack and it fails.


I've been thinking of adding the realm before the secondary does proxy, so the
master could treat the request as if it were local. But I don't like this too
much.


Does anyone have a better idea of what to do?


Thanks.