Couldn't authenticate windows host account with freeradius + ldap backend + samba domain controller
Alan DeKok
aland at deployingradius.com
Sat Dec 15 08:35:05 CET 2007
david.barbion at adeoservices.com wrote:
> Hello,
> The problem is when a computer tries to authenticate, the User-Name sent
> is "host//computername/", but in ldap we have entries like
> /computername/$. So we have some attr_rewrite that removes host/ and
> adds the dollar sign.
Why? You can just create a *new* attribute, Stripped-User-Name, with
the updated contents. Then, configure the ldap module to look first for
Stripped-User-Name, and then User-Name:
  foo = "... %{Stripped-User-Name:-%{User-Name}} ..."
See doc/variables.txt
> rlm_ldap finds correctly the entry, but EAP
> complains about the user name change: "rlm_eap: Identity does not match
> User-Name, setting from EAP Identity.
> rlm_eap: Failed in handler"
Then... don't edit the User-Name. There's no need to edit it.
Alan DeKok.
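
The difference between the two approaches in this thread, as an added Python model (not FreeRADIUS code and not part of the original message). The sample requests, the "uid" search attribute and all function names are assumptions made for illustration; the filter builder also escapes RFC 4515 special characters, since the name comes from the client.

```python
import re

HOST_PREFIX = re.compile(r"^host/(.+)$", re.IGNORECASE)

def add_stripped_user_name(request):
    """Return a copy of the request with Stripped-User-Name added for machine
    logins ("host/NAME" -> "NAME$"). User-Name itself is never modified."""
    out = dict(request)
    m = HOST_PREFIX.match(request["User-Name"])
    if m:
        out["Stripped-User-Name"] = m.group(1) + "$"
    return out

def rewrite_in_place(request):
    """The approach from the question: overwrite User-Name itself."""
    out = dict(request)
    out["User-Name"] = HOST_PREFIX.sub(r"\1$", request["User-Name"])
    return out

def ldap_escape(value):
    """Escape RFC 4515 special characters before placing a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def ldap_filter(request, attr="uid"):
    """Model of %{Stripped-User-Name:-%{User-Name}}: prefer the stripped
    name, fall back to User-Name when it is absent. "uid" is an assumption."""
    name = request.get("Stripped-User-Name") or request["User-Name"]
    return "(%s=%s)" % (attr, ldap_escape(name))

def eap_identity_matches(request):
    """Model of the rlm_eap check quoted above: the EAP identity must equal
    the User-Name in the request."""
    return request["EAP-Identity"] == request["User-Name"]

# Constructed sample requests (not taken from the thread).
machine = {"User-Name": "host/ws01", "EAP-Identity": "host/ws01"}
user = {"User-Name": "alice", "EAP-Identity": "alice"}

if __name__ == "__main__":
    for req in (machine, user):
        fixed = add_stripped_user_name(req)
        print(ldap_filter(fixed), "EAP identity ok:", eap_identity_matches(fixed))
    broken = rewrite_in_place(machine)
    print(ldap_filter(broken), "EAP identity ok:", eap_identity_matches(broken))
```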