FreeRadius (version 2.1.12) + ntlm_auth (AD) authentication + LDAP authorization

Matthew Ceroni matthewceroni at gmail.com
Wed Jan 9 01:43:38 CET 2013


Hi:

I am running FreeRadius version 2.1.12 on a CentOS 6 machine.

For authentication I am using AD (ntlm_auth) and this works great. In the
request the username is sent as just the plain username (ie: mceroni)
and the NT-domain (ie: DOMAIN1). And it authenticates fine.

My problem is on the authorization side, in which I am using LDAP to grab
the groups a user is in. In order to authenticate against LDAP my bind DN
has to be DOMAIN\username (ie: DOMAIN1\mceroni). I am wondering how I
modify the User-Name or Stripped-User-Name just for the LDAP authorization
part to make it DOMAIN\username but keep it as is for the authentication
part.

Everything I have done so far ends up changing it for both authentication
and authorization.

(In /etc/raddb/sites-enabled/inner and default, in the authorize section, I
have an update request Stripped-User-Name section. Since authorize runs
before authenticate, it modifies the user name for the authentication.)

Thanks