Strip off the domain part from the User-Name
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 25 11:15:58 CET 2011
On 25/03/11 09:39, Thomas Wunder wrote:
> On Thursday 24 March 2011 09:36:28 Phil Mayers wrote:
>> Please post a full debug. It's not possible to find the real cause of
>> your problem from the snippet.
> (see attachment)
>>
>> I am guessing that you're attempting to modify the username; you can't
>> do that, EAP will complain (as you're seeing)
> Yes, I've tried to modify the username (using a policy which I've invoked as the first item of my authorize blocks in inner-tunnel and default) but since I realized that this doesn't help either I don't do so any more (removed the policy).
> By the way this was the policy which I have used:
> strip_off_domain{
> if( User-Name =~ /^(.*)\\(.*)/ ){
> update request {
> User-Name := "%{2}"
> }
> }
> }
>
> Apart from this, what can I do have rlm_mschap cope with the domain prefix?
Use %{mschap:User-Name} everywhere; this will give the bare username
(and also correctly translate host/name.domain.com, if you later do
machine auth)
More information about the Freeradius-Users
mailing list