stripping domain from username (for wifi authentication on Windows XP)

Ryan Pugatch pugatch at gmx.com
Tue May 13 17:56:57 CEST 2008


> ----- Original Message -----
> From: A.L.M.Buxey at lboro.ac.uk
> Sent: 11:10 am
> To: FreeRadius users mailing list
> Subject: Re: stripping domain from username (for wifi authentication on Windows XP)
> 
> Hi,
> > Hello everyone,
> > 
> > 
> > 
> > I am using freeradius to have my wifi network use my LDAP credentials for
> > authentication.  However, Windows has this glorious default setting that
> > automatically passes the domain username and password to the radius server
> > to authenticate for wifi access.  While I can easily uncheck a box to make
> > that behavior not happen, it would be great if I could just have radius
> > accept those credentials.  The windows domain and radius both use the same
> > LDAP directory.  The only issue is Windows sends the username as
> > DOMAIN\\username.  Is it possible to have freeradius ignore the DOMAIN\\
> > part of the username?
> 
> yes, check the configuration files for the prefix part.
> are you using 1.1.x or 2.0.x? if 1.1.x you can
> also use the rewrite module to copy User-Name to Stripped-User-Name
> and then blow away the DOMAIN\\ part - or any preceding STUFF\\
> if you use 2.0.x then use unlang to do the same job efficiently
> when and where you need it.
> 
> alan
> -
> 
> Alan,
>
> Thanks for the response.  I'm using 1.1.x.  Currently, I have ldap
> filter defined as:
>
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>
> I have enabled with_ntdomain_hack on preprocess.
>
> However, since doing that, I am receiving the following error:
>
>     Tue May 13 11:34:39 2008 : Error: rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>     Tue May 13 11:34:39 2008 : Auth: Login incorrect: [rpugatch] (from client aruba port 3 cli 001F3A4CE09E)
>
> This worked before enabling with_ntdomain_hack.  It seems like the
> username is now being stripped properly, but it isn't matching something
> properly.  Unfortunately, I don't seem to understand exactly what is
> going wrong.
>
> Ryan
> 
>     
> > 
> 
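
An added example (not part of the original post, and not FreeRADIUS code) modelling in Python the two ways of stripping discussed above: copying the stripped name to Stripped-User-Name versus overwriting User-Name, and how each interacts with the LDAP filter and with the Identity/User-Name comparison that the rlm_eap log line reports. The function names, the `EXAMPLE` domain and the RFC 4515 escaping step are assumptions made for illustration.

```python
# RFC 4515 characters that must be escaped inside an LDAP filter value
# (escaping is an added precaution in this sketch, not taken from the post).
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def strip_nt_domain(user_name: str) -> str:
    """Drop a leading DOMAIN\\ prefix, or any preceding STUFF\\."""
    return user_name.rsplit("\\", 1)[-1]


def preprocess(user_name: str, in_place: bool) -> dict:
    """Hypothetical helper returning the request attributes after stripping.

    in_place=False copies the stripped value to Stripped-User-Name and leaves
    User-Name untouched; in_place=True overwrites User-Name itself.
    """
    stripped = strip_nt_domain(user_name)
    if in_place:
        return {"User-Name": stripped}
    attrs = {"User-Name": user_name}
    if stripped != user_name:
        attrs["Stripped-User-Name"] = stripped
    return attrs


def ldap_filter(attrs: dict) -> str:
    """Expand (uid=%{Stripped-User-Name:-%{User-Name}}) with escaping."""
    value = attrs.get("Stripped-User-Name") or attrs["User-Name"]
    escaped = "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)
    return f"(uid={escaped})"


def identity_matches(eap_identity: str, attrs: dict) -> bool:
    """Model of the check in the log line: EAP Identity vs User-Name."""
    return eap_identity == attrs["User-Name"]


if __name__ == "__main__":
    identity = "EXAMPLE\\rpugatch"  # constructed sample of what Windows sends
    for in_place in (False, True):
        attrs = preprocess(identity, in_place)
        print(f"in_place={in_place}: filter={ldap_filter(attrs)} "
              f"identity_matches={identity_matches(identity, attrs)}")
```

Both variants produce the same LDAP filter, but only the copy to Stripped-User-Name keeps User-Name equal to the identity the supplicant sent.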