EAP-TLS - About username sent by supplicant
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Dec 14 10:39:08 CET 2007
Hi,
> My question deals with the username sent by the supplicant when the authentication goes on. At boot
> time, the username sent is : host/user_name. After the login, the username sent is : user_name. So, I
> have to create 2 users. I want to cut 'host/' to make this task easier. It is possible ? How do I do this ?
attr_filter or somesuch eg put these into radiusd.conf
attr_rewrite copy-user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}"
}
attr_rewrite remove-host {
attribute = Stripped-User-Name
searchfor = "^(host/.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}"
}
and then call these 2 functions in your authorize section
(radiusd.conf or sites-enabled/wherever (for FR 2.0) )
copy-user-name
remove-host
just before the other modules are called - eg chap, auth_log etc etc
alan
More information about the Freeradius-Users
mailing list