FR 2.1.7 and Hints File
Bruce Nunn
ironrake at yahoo.com
Tue Dec 22 17:45:14 CET 2009
The problem I'm trying to solve relates to Windows users who leave that "Automatically use my Windows login name and password" property checked. At my site, we authenticate with PEAPv0/MSCHAPv2 with usernames and mschapv2 password hashes stored in an ldap database, not in a Windows Domain. I'd like to get FreeRadius to strip off the computer name and password for these requests based on regular expression. As things are right now my hints file looks something like this.
DEFAULT Prefix == "DOMAIN\\", Strip-User-Name = Yes
Hint = "CAMPUS"
DEFAULT Prefix == "DOMAIN.EDU\\", Strip-User-Name = Yes
Hint = "CAMPUS"
DEFAULT Prefix == "@DOMAIN.EDU\\", Strip-User-Name = Yes
Hint = "CAMPUS"
And I have a bunch of these but not every computer name of course. My users file uses this for the hint.
DEFAULT Hint == "CAMPUS", MS-CHAP-Use-NTLM-Auth := No
Session-Timeout == 10800,
Fall-Through = No
I'd like to set the hint with something like this, but I have not been able to get anything to work nor do I know if it is even possible to use regular expressions in the hints file. I have made sure freeradius was compiled with extended regular expression support.
DEFAULT Prefix =~ "^(.*[\\\\]+)", Strip-User-Name = Yes
Hint = "CAMPUS"
None of these have worked, even with a subset of requests.
DEFAULT Prefix =~ "^DOMAIN\\\\"
User-Name := "%{Stripped-User-Name}",
Hint = "CAMPUS"
DEFAULT Prefix =~ /*\\\\/, Strip-User-Name = Yes
searchfor = "^(.*[\\/]+)"
DEFAULT Prefix =~ "^(.*[\\\\]+)", Strip-User-Name = Yes
Hint = "CAMPUS"
More information about the Freeradius-Users
mailing list