Strip off the domain part from the User-Name

Phil Mayers p.mayers at
Fri Mar 25 11:15:58 CET 2011

On 25/03/11 09:39, Thomas Wunder wrote:
> On Thursday 24 March 2011 09:36:28 Phil Mayers wrote:
>> Please post a full debug. It's not possible to find the real cause of
>> your problem from the snippet.
> (see attachment)
>> I am guessing that you're attempting to modify the username; you can't
>> do that, EAP will complain (as you're seeing)
> Yes, I've tried to modify the username (using a policy which I've invoked as the first item of my authorize blocks in inner-tunnel and default) but since I realized that this doesn't help either I don't do so any more (removed the policy).
> By the way this was the policy which I have used:
>          strip_off_domain{
>                  if( User-Name =~ /^(.*)\\(.*)/ ){
>                          update request {
>                                  User-Name := "%{2}"
>                          }
>                  }
>          }
> Apart from this, what can I do have rlm_mschap cope with the domain prefix?

Use %{mschap:User-Name} everywhere; this will give the bare username 
(and also correctly translate host/, if you later do 
machine auth)

More information about the Freeradius-Users mailing list