active directory host authentication

Joe Vieira jvieira at
Wed Apr 18 20:06:45 CEST 2007

> well, you can use regexp/attr_filter to look for these systems
> and then just chop off the activedirectorydomain.domain.domain. part
> thus allowing the AD REALM to be forced by yourselves.
I tried something similar i used attr_rewrite to replace the bad parts 
of User-Name with the modified correct values, it, however because i am 
using eap-ttls, i got an eap error
"rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler"

can you point me to a doc where the attr_filter is explained better?  
from reading the comments/documentation i got the impression it was 
primarily used for proxying, and wouldn't work for other things...


More information about the Freeradius-Users mailing list