EAP-TLS - About username sent by supplicant

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Dec 14 10:39:08 CET 2007


Hi,

> My question deals with the username sent by the supplicant when the authentication goes on. At boot
> time, the username sent is : host/user_name. After the login, the username sent is : user_name. So, I
> have to create 2 users. I want to cut 'host/' to make this task easier. It is possible ? How do I do this ?

attr_filter or somesuch eg put these into radiusd.conf

attr_rewrite copy-user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}"
}

attr_rewrite remove-host {
attribute = Stripped-User-Name
searchfor = "^(host/.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}"
}

and then call these 2 functions in your authorize section
(radiusd.conf or sites-enabled/wherever (for FR 2.0) )

        copy-user-name
        remove-host

just before the other modules are called - eg chap, auth_log etc etc

alan



More information about the Freeradius-Users mailing list