Working around broken EAP client
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jun 11 17:05:59 CEST 2013
On 11/06/13 15:11, Gordon Ross wrote:
> On 11 Jun 2013, at 14:32, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> Gordon Ross wrote:
>>> In the meantime, is there anything I can do to accept these requests ?
>>
>> Set the User-Name to be the same as the MS-CHAP identity.
>
>
> How and where do I do that ? In the inner part by something close to:
It's a bit complicated, because the code munges the username values
depending on whether you've got "with_ntdomain_hack" set to "yes" or
"no" (which is why I asked for a full debug).
You want to set it as late as possible but just before mschap
"authenticate" runs.
Something like this:
server inner-tunnel {
...
authenticate {
Auth-Type MSCHAP {
if (MS-CHAP-User-Name) {
update request {
User-Name := "%{MS-CHAP-User-Name}"
}
}
mschap
}
...
}
}
More information about the Freeradius-Users
mailing list