active directory host authentication

A.L.M.Buxey at A.L.M.Buxey at
Wed Apr 18 20:54:45 CEST 2007


> I tried something similar i used attr_rewrite to replace the bad parts 
> of User-Name with the modified correct values, it, however because i am 
> using eap-ttls, i got an eap error
> "rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>  rlm_eap: Failed in handler"

ah! you really cannot play with User-Name - as you have found, the client
doesnt like that to be changed. what you want to do is copy User-Name
to Stripped-User-Name and then play with Stripped-User-Name - and
use that in the rest of the stages.

attr_rewrite is the one you want to use - i've just been busy with
some other things - attr_filter was a typo!


More information about the Freeradius-Users mailing list