FreeRadius (version 2.1.12) + ntlm_auth (AD) authentication + LDAP authorization

Matthew Ceroni matthewceroni at
Wed Jan 9 01:43:38 CET 2013


I am running FreeRadius version 2.1.12 on a CentOS 6 machine.

For authentication I am using AD (ntlm_auth) and this works great. In the
request the username is sent as just the plain username (ie: mceroni)
and the NT-domain (ie: DOMAIN1). And it authenticates fine.

My problem is on the authorization side in which I am using LDAP to grab
the groups a user is in. In order to authenticate against LDAP my bind DN
has to be DOMAIN\username (ie: DOMAIN1\mceroni). I am wondering how I
modify the User-Name or Stripped user name just for the LDAP authorization
part to make it DOMAIN\username but keep it as is for the authentication.

Everything I have done so far ends up changing it for both authentication
and authorization.

(In /etc/raddb/sites-enabled/inner and default in the authorize section I
have an update request Stripped-User-Name section. Since authorize runs
before authenticate it modifies the user name for the authentication.)


More information about the Freeradius-Users mailing list