AW: Feeding an LDAP replyItem to an MS-CHAPv2 ntlm_auth request

Alan DeKok aland at deployingradius.com
Thu Jan 18 15:46:55 CET 2007


Haas Florian wrote:
> So, to clarify my original question. What I want is this:
> 
> 1. Put the value of an LDAP attribute (sAMAccountName) into a variable when the
> user is authorized in LDAP.
> 2. Access that variable when the user is being authenticated via MS-CHAPv2, and
> put it into the --username argument of ntlm_auth.
> 
> I do understand that this would require registering said variable in dictionary
> and ldap.attrmap. I also understand that I need to set up a proper filter in the
> configuration of the ldap module, for correct authorization of the "user" that's
> being identified by it servicePrincipalName in this case. I have done all that.
> What else would I need, if what I'm trying to do is at all possible?

  It sounds like that should work.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list