Removing domain name in freeradius
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 13 13:12:58 CEST 2010
On 13/10/10 11:55, Mark Holmes wrote:
> Thanks Phil.
>
> Final question: At the moment, I can authenticate with username, but not with username at mydomain.ox.ac.uk
>
> How do I tell freeradius to accept username at mydomain.ox.ac.uk (I don't mind if authenticating with just username without the domain fails)
Sorry, I don't follow: isn't that just the same question you asked
previously?
FreeRadius itself doesn't care what the username is. The key is that the
modules doing the authentication can recognise and authenticate that
username.
I believe from your earlier posts you are using "mschap" and the
"ntlm_auth" helper? If you look in the default configs, the commented
out (but suggested) config is:
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Note the use of the conditional expansion "Stripped-User-Name"
Anyway, as always - if it's failing, please post the full debug output i.e.:
radiusd -X | tee log
...so we can see why and help you.
In all probability, you are passing the unstripped username a at b to
"ntlm_auth" and it's choking on it.
More information about the Freeradius-Users
mailing list