Removing domain prefix from login

Phil Mayers p.mayers at
Thu Nov 10 17:43:56 CET 2011

Ok, your debug says:

rad_recv: Access-Request packet from host port 1025, id=21, 
	Framed-MTU = 1480
	NAS-IP-Address =
	NAS-Identifier = "SW-Priv-1-1"
	User-Name = "OPTARE\\brouco"
# Executing section authorize from file 
+- entering group authorize {...}
++[preprocess] returns ok

Why is preprocess returning "ok".

What are you doing in the hints module?

Are you modifying the username field? A few lines later it says:

[ldap] 	expand: %{User-Name} -> brouco

If you're modifying the username, you can't do that. It will break EAP, 
which is why it says:

[eap] Identity does not match User-Name, setting from EAP Identity.

...then fails.

I assume you want to strip "DOMAIN\" so that you can do LDAP? You CANNOT 
modify the User-Name field. You MUST used the Stripped-User-Name field, 
and leave the User-Name field alone.

More information about the Freeradius-Users mailing list