stripping domain from username (for wifi authentication on Windows XP)
pugatch at gmx.com
Tue May 13 17:56:57 CEST 2008
> ----- Original Message -----
> From: A.L.M.Buxey at lboro.ac.uk
> Sent: 11:10 am
> To: FreeRadius users mailing list
> Subject: Re: stripping domain from username (for wifi authentication on
> Windows XP)
> > Hello everyone,
> > I am using freeradius to have my wifi network use my LDAP credentials
> > authentication. However, Windows has this glorious default setting
> > automatically passes the domain username and password to the radius
> > to authenticate for wifi access. While I can easily uncheck a box to
> > that behavior not happen, it would be great if I could just have radius
> > accept those credentials. The windows domain and radius both use the
> > LDAP directory. The only issue is Windows sends the username as
> > DOMAIN\\username. Is it possible to have freeradius ignore the
> > part of the username?
> yes, check the configuration files for the prefix part.
> are you using 1.1.x or 2.0.x? if 1.1.x you can
> also you the rewrite module to copy User-Name to Stripped-User-Name
> and then blow away the DOMAIN\\ part - or any preceeding STUFF\\
> if you use 2.0.x then use unlang to do the same job efficiently
> when and where you need it.
> Thanks for the response. I'm using 1.1.x. Currently, I have ldap
> filter definined as:
> filter =
> I have enabled with_ntdomain_hack on preprocess.
> However, since doing that, I am receiving the following error:
> Tue May 13 11:34:39 2008 : Error: rlm_eap: Identity does not match
> User-Name, setting from EAP Identity.
> Tue May 13 11:34:39 2008 : Auth: Login incorrect: [rpugatch] (from client
> aruba port 3 cli 001F3A4CE09E)
> This worked before enabling with_ntdomain_hack. It seems like the
> username is now being stripped properly, but it isn't matching something
> properly. Unfortunately, I don't seem to understand exactly what is
> going wrong.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users