ntdomain_hack

wekz fbl.list at gmail.com
Thu May 18 11:13:09 CEST 2006


Well, I have found the answer. In the proxy realm I've put nostrip and it is
working now.



2006/5/18, wekz <fbl.list at gmail.com>:
>
> Hello everyone,
>
> I've configured a freeradius 1.1.1 + LDAP for eap-tls authentication with
> domains.
>
> authorize {
>    preprocess
>    ntdomain
>    ...
> }
>
> realm host {
>    type = radius
>    authhost = LOCAL
>    accthost = LOCAL
>    strip
> }
>
>
> This configuration gives an error:
>
>     rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>
> When I enable with_ntdomain_hack in eap.conf it works quite well.  Could
> anyone tell me why it's necessary?
>
> The problem is that this secondary_radius does proxy when it doesn't find
> the user in its LDAP and the master_radius gives this error:
>
>     rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>
>
>
> I've tried in master_radius the same configuration with and without
> ntdomain_hack and it fails.
>
>
> I've been thinking of adding the realm before the secondary does proxy, so
> the master could treat the request as if it were local. But I don't like this
> too much.
>
>
> Does anyone have a better idea of what to do?
>
>
> Thanks.
>
>
>
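
A simplified model of why `nostrip` on the proxy realm makes the error go away, added here as an illustration (not code from the original post or from FreeRADIUS). It assumes the proxying server replaces User-Name with the stripped name when the realm has `strip`, while the EAP Identity inside EAP-Message is forwarded unchanged; the function names and the sample identity are constructed.

```python
# Simplified model (an assumption, not FreeRADIUS source code) of how realm
# stripping before proxying interacts with the EAP identity check.

def split_ntdomain(user_name):
    """Split 'DOMAIN\\user' the way an ntdomain-style realm match would."""
    if "\\" in user_name:
        realm, _, user = user_name.partition("\\")
        return realm, user
    return None, user_name


def proxied_user_name(user_name, strip):
    """User-Name attribute the home server receives from the proxying server."""
    _realm, user = split_ntdomain(user_name)
    # 'strip' forwards only the user part; 'nostrip' forwards the name as-is.
    return user if strip else user_name


def identity_matches(eap_identity, user_name):
    """Consistency check behind 'Identity does not match User-Name'."""
    return eap_identity == user_name


def simulate(eap_identity, strip):
    """Return (User-Name seen by the home server, whether the check passes)."""
    # The EAP Identity is carried inside EAP-Message and is not rewritten;
    # only the RADIUS User-Name attribute changes on the way to the home server.
    seen = proxied_user_name(eap_identity, strip)
    return seen, identity_matches(eap_identity, seen)


if __name__ == "__main__":
    identity = "EXAMPLE\\alice"  # constructed sample identity
    for strip in (True, False):
        seen, ok = simulate(identity, strip)
        mode = "strip" if strip else "nostrip"
        print(f"{mode:8} User-Name={seen!r} EAP-Identity={identity!r} match={ok}")
```
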