Upgrade to v2.1.9 - ntdomain logon issues

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Sep 8 20:35:04 CEST 2010


> [copy.user-name]        expand: %{User-Name} -> SMB001\bob
> copy.user-name: Added attribute Stripped-User-Name with value 'SMB001\bob'
> ++[copy.user-name] returns ok
> [add-dollar-sign]       expand: ^(host/.*) -> ^(host/.*)
> add-dollar-sign: Does not match: Stripped-User-Name = SMB001\bob
> ++[add-dollar-sign] returns ok
> [strip-realm-name]      expand: ^(.*[\/]+) -> ^(.*[\/]+)
> strip-realm-name: Changed value for attribute Stripped-User-Name from
> 'SMB001\bob' to 'bob'
> ++[strip-realm-name] returns ok


those particular filters look way way too familiar to me.  they look like
some kind of FreeRADIUS 1.0.x hack that I would have told someone to put into
their config back in around 2007 or so.

you do not need that sort of stuff in FreeRADIUS 2.x 

what you are doing is messing around with the EAP identity 
and thus EAP will break. 

I'd advise that you take a nice clean FreeRADIUS 2 config, then edit the
small parts that you need to edit to get a working system - 


so that NAS devices can talk to it


so that your EAP is correct

then the ldap files - as you appear to use LDAP.

there might be some other minor bits that need tweaking...but that'll
be fairly obvious when you throw test clients at it


More information about the Freeradius-Users mailing list