Proxy.conf realms
Matthew Ceroni
matthewceroni at gmail.com
Fri Mar 15 23:29:00 CET 2013
When doing 802.1x authentication from a Windows computer it initially sends
the request with the computer credentials. The username comes across as
host/E4310-D7SZZN1.domain.local. I then query LDAP in authorize and do
authentication against AD.
In order to do both steps the username needs to be stripped to just
E4310-D7SZZN1. I was able to accomplish this by placing the following in
the authorize section
if ("%{request:User-Name}" =~ /^host\/(.*).domain.local$/) {
update request {
Stripped-User-Name = "%{1}$"
}
}
This worked just for the authentication section as it appears this happens
after the LDAP module is called in authorize.
How can I get this to happen earlier in the process? Right now I am looking
at the proxy.conf file and setting a realm? Would this be the area to have
this done?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130315/baf1f871/attachment.html>
More information about the Freeradius-Users
mailing list