Some help with etc_smbpasswd auth and eap ttls

Josh Hiner josh at
Thu Jan 8 05:58:26 CET 2009

>>   Honestly... there are 3-4 solutions which are trivial in 2.x.  Any
>> solution is hard in 1.1.3.  I don't even recall what feature set it has
>> (or is missing).
>>   Alan DeKok.
> Ok, I have upgraded to Freeradius version 2.1.3 (following the 
> suggestion above). I have configured and gotten everything to work 
> except for the domain name stripping at the front of the username (eg: 
> HTN/josh). If I dont supply the domain name, authentication succeeds 
> perfectly. I am still getting the same error that I was with 
> Freeradius version 1.3.1. Ive configured a HTN realm to strip off the 
> HTN part and in the debug, it appears to work as stripped-user=josh 
> gets proxied back. Then authentication failes in the same way as it 
> did before? It is mentioned above that there are 3-4 solutions which 
> are trivial in 2.x. Since I have Freeradius basically running, could 
> someone spare some of their valuable time with a pointer on stripping 
> off the HTN part of the user so authentication will succeed? Thanks 
> =D. Below is the part of my debug output from Freeradius showing the 
> authentication failure. Once again, it works perfectly if I dont 
> supply the domain name (I can then connect perfectly via eap-ttls with 
> mschapv2). Hopefully I am close. I can supply more of my configs if 
> needed.
> Thanks -Josh
Ok well once again, the answer was in the debug output. Since it was 
sending back Stripped-username instead of Username, I had to create a 
2nd smbpasswd module. In this module I mapped stripped-user instead of 
username. This worked. This does work. Is this a good and acceptable 
solution? I'd still be interested in hearing other solutions if there 
are any out there. Thanks again!


More information about the Freeradius-Users mailing list